CWE: 78 OS Command Injection BadSource: console Read input from the console GoodSource: Fixed string Sinks: execl BadSink : execute command with execl Flow Variant: 81 Data flow: data passed in a parameter to an virtual method called via a reference

CWE: 762 Mismatched Memory Management Routines BadSource: malloc Allocate data using malloc() GoodSource: Allocate data using new Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_CONST_...

CWE: 762 Mismatched Memory Management Routines BadSource: malloc Allocate data using malloc() GoodSource: Allocate data using new Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete Flow Variant: 61 Data flow: data returned from one function to another in di...

CWE: 762 Mismatched Memory Management Routines BadSource: malloc Allocate data using malloc() GoodSource: Allocate data using new Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 762 Mismatched Memory Management Routines BadSource: malloc Allocate data using malloc() GoodSource: Allocate data using new Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsF...

CWE: 762 Mismatched Memory Management Routines BadSource: calloc Allocate data using calloc() GoodSource: Allocate data using new Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete Flow Variant: 08 Control flow: if(staticReturnsTrue()) and if(staticReturnsF...

CWE: 762 Mismatched Memory Management Routines BadSource: malloc Allocate data using malloc() GoodSource: Allocate data using new Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsF...

CWE: 762 Mismatched Memory Management Routines BadSource: calloc Allocate data using calloc() GoodSource: Allocate data using new [] Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete [] Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_...

CWE: 401 Memory Leak BadSource: calloc Allocate data using calloc() GoodSource: Allocate data on the stack Sinks: GoodSink: call free() on data BadSink : no deallocation of data Flow Variant: 62 Data flow: data flows using a C++ reference from one function to another in different source files

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: memmove BadSink : Copy twoIntsStruct array to data using memmove Flow Variant: 73 Data flow: data passed in a list from one function to another in differ...

CWE: 789 Uncontrolled Memory Allocation BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Small number greater than zero Sinks: GoodSink: Allocate memory with new [] and check the size of the memory to be allocated BadSink : Allocate memory with new [], but...

CWE: 773 Missing Reference to Active File Descriptor or Handle BadSource: Create a file descriptor using open() Sinks: GoodSink: Close the file before reusing the file descriptor BadSink : Reassign the file descriptor before closing the file Flow Variant: 33 Data flow: use of a C++ referenc...

CWE: 590 Free Memory Not on Heap BadSource: declare Data buffer is declared on the stack GoodSource: Allocate memory on the heap Sink: BadSink : Print then free data Flow Variant: 53 Data flow: data passed as an argument from one function through two others to a fourth; all four functions ar...

CWE: 426 Untrusted Search Path BadSource: Dont specify the full path in the OS command GoodSource: Specify the full path in the OS command Sinks: system BadSink : Execute the system function Flow Variant: 62 Data flow: data flows using a C++ reference from one function to another in differe...

CWE: 401 Memory Leak BadSource: Allocate data using new[] GoodSource: Point data to a stack buffer Sinks: GoodSink: call delete[] on data BadSink : no deallocation of data Flow Variant: 72 Data flow: data passed in a vector from one function to another in different source files

CWE: 259 Use of Hard-coded Password BadSource: Use a hardcoded password GoodSource: Read the password from the console Sinks: BadSink : Authenticate the user using LogonUserA() Flow Variant: 74 Data flow: data passed in a map from one function to another in different source files

CWE: 197 Numeric Truncation Error BadSource: fscanf Read data from the console using fscanf() GoodSource: Less than CHAR_MAX Sinks: to_short BadSink : Convert data to a short Flow Variant: 43 Data flow: data flows using a C++ reference from one function to another in the same source file

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: loop BadSink : Copy data to string using a loop Flow Variant: 73 Data flow: data passed in a list from one function to another in d...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: memcpy BadSink : Copy data to string using memcpy Flow Variant: 72 Data flow: data passed in a vector from one function to another ...

CWE: 126 Buffer Over-read BadSource: Use a small buffer GoodSource: Use a large buffer Sinks: loop BadSink : Copy data to string using a loop Flow Variant: 83 Data flow: data passed to class constructor and destructor by declaring the class object on the stack

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sinks: memmove BadSink : Copy data to string using memmove Flow Variant: 72 Data flow: data passed in a vector from one function to another in different source files

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: snprintf BadSink : Copy data to string using snprintf Flow Variant: 73 Data flow: data passed in a list from one function to another in different source files

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using new[] and set data pointer to a small buffer GoodSource: Allocate using new[] and set data pointer to a large buffer Sink: ncat BadSink : Copy string to data using wcsncat Flow Variant: 16 Control flow: while(1)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: loop BadSink : Copy string to data using a loop Flow Variant: 72 Data flow: data passed in a vector from one function to another in different source files

CWE: 121 Stack Based Buffer Overflow BadSource: Point data to a buffer that does not have space for a NULL terminator GoodSource: Point data to a buffer that includes space for a NULL terminator Sinks: memmove BadSink : Copy string to data using memmove() Flow Variant: 33 Data flow: use of ...