Displaying test cases 27101 - 27125 of 32356 in total
-
Using Hibernate to execute a dynamic SQL statement with built-in user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands. Metadata - Base program: Elastic Search - Source Taint: FILE_CONTENTS - Data Type: simple - Data Flow: address_as_co...
-
This test takes in integer n. The program attempts to open n files. If n is large enough the number of file handles will be exhausted. Metadata - Base program: Apache Jena - Source Taint: SOCKET - Data Type: VOID_POINTER - Data Flow: VAR_ARG_LIST - Control Flow: INTERRUPT
-
This test takes in a value from an argument and uses it as an array accessor, resulting in an ArrayIndexOutOfBounds exception. Metadata - Base program: Apache Jena - Source Taint: ENVIRONMENT_VARIABLE - Data Type: simple - Data Flow: index_alias_1 - Control Flow: function_invocation_overload
-
This weakness takes an integer, two file names, and an integer "int file1 file2 int" as an input. The first integer is the size of the array to sort for timing in benign cases without FIFO files as inputs. The two files are used for thread "scheduling", if they are FIFO files in the order "fifo1 ...
-
This weakness takes a value and converts it to upper case. If it contains characters not a-zA-Z, then the function used to convert to upper case will return null. After converting the value to upper case it is compared to a static password. This comparison will cause an error if the value con...
-
This weakness takes a value and converts it to upper case. If it contains characters not a-zA-Z, then the function used to convert to upper case will return null. After converting the value to upper case it is compared to a static password. This comparison will cause an error if the value con...
-
This test takes user input for the size of an array to be allocated. If the array fails to allocate, an exception is caught, but no action is taken resulting in a subsequent exception. Metadata - Base program: Apache POI - Source Taint: SOCKET - Data Type: VOID_POINTER - Data Flow: JAVA_GEN...
-
CWE: 89 SQL Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which could result in SQL Injection Flow...
-
CWE: 789 Uncontrolled Memory Allocation BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: HashMap Create a HashMap using data as the initial size Flow Variant: 17 Control flow: for loops
-
CWE: 789 Uncontrolled Memory Allocation BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: ArrayList Create an ArrayList using data as the initial size Flow Variant: 07 Control flow: if(...
-
CWE: 690 Unchecked return value is null, leading to a null pointer dereference. BadSource: getParameter_Servlet Set data to return of getParameter_Servlet GoodSource: Set data to fixed, non-null String Sinks: equals GoodSink: Call equals() on string literal (that is not null) BadSink : Call ...
-
CWE: 606 Unchecked Input for Loop Condition BadSource: Property Read data from a system property GoodSource: hardcoded int in string form Sinks: GoodSink: validate loop variable BadSink : loop variable not validated Flow Variant: 12 Control flow: if(IO.staticReturnsTrueOrFalse())
-
CWE: 477 Use of Obsolete Functions Sinks: DataInputStream_readLine GoodSink: Use of preferred BufferedReader.readLine() method BadSink : Use deprecated DataInputStream.readLine() method Flow Variant: 09 Control flow: if(IO.STATIC_FINAL_TRUE) and if(IO.STATIC_FINAL_FALSE)
-
CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: File Read data from file (named c:\data.txt) GoodSource: Set data to a hardcoded class name Sinks: BadSink : Instantiate class named in data Flow Variant: 22 Control flow: Flow controlled by ...
-
CWE: 400 Resource Exhaustion BadSource: listen_tcp Read count using a listening tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: write GoodSink: Write to a file count number of times, but first validate count BadSink : Write to a file count number of time...
-
CWE: 400 Resource Exhaustion BadSource: File Read count from file (named c:\data.txt) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: for_loop GoodSink: Validate count before using it as the loop variant in a for loop BadSink : Use count as the loop variant in a for lo...
-
CWE: 36 Absolute Path Traversal BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded string Sinks: readFile BadSink : read line from file from disk Flow Variant: 71 Data flow: data passed as an Object reference argument from one method to another in diffe...
-
CWE: 369 Divide by zero BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded non-zero number (two) Sinks: modulo GoodSink: Check for zero before modulo BadSink : Modulo by a value that may be zero Flow Variant: 72 Data flow: data passed in a Vector from o...
-
CWE: 369 Divide by zero BadSource: Environment Read data from an environment variable GoodSource: A hardcoded non-zero number (two) Sinks: divide GoodSink: Check for zero before dividing BadSink : Dividing by a value that may be zero Flow Variant: 71 Data flow: data passed as an Object refe...
-
CWE: 319 Cleartext Transmission of Sensitive Information BadSource: Establish data as a password GoodSource: Use a regular string (non-sensitive string) Sinks: GoodSink: encrypted channel BadSink : unencrypted channel Flow Variant: 13 Control flow: if(IO.STATIC_FINAL_FIVE==5) and if(IO.STA...
-
CWE: 319 Cleartext Transmission of Sensitive Information BadSource: connect_tcp Read password using an outbound tcp connection GoodSource: Set password to a hardcoded value (one that was not sent over the network) Sinks: driverManager GoodSink: Decrypt the password from the source before usin...
-
CWE: 23 Relative Path Traversal BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: readFile BadSink : no validation Flow Variant: 75 Data flow: data passed in a serialized object from one method to another in different s...
-
CWE: 197 Numeric Truncation Error BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: to_byte BadSink : Convert data to a byte Flow Variant: 74 Data flow: data passed in a HashMap from one method to another i...
-
CWE: 197 Numeric Truncation Error BadSource: large Set data to a number larger than Short.MAX_VALUE GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: to_short BadSink : Convert data to a short Flow Variant: 73 Data flow: data passed in a LinkedList from one method to ano...
-
CWE: 191 Integer Underflow BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multiply by 2, which ...