Displaying test cases 27126 - 27150 of 32356 in total
-
CWE: 80 Cross Site Scripting (XSS) BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded string BadSink: Display of data in web page after using replaceAll() to remove script tags, which will still allow XSS (CWE 182: Collapse of Data into Unsafe Valu...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded string Sinks: BadSink : Display of data in web page after using replaceAll() to remove script tags, which will still allow XSS (CWE 182: Collapse of Data into Unsafe Value) Flow...
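The two CWE 80 entries above share one bad sink: a single replaceAll() pass that deletes script tags before the data is written into the page. The reason that still allows XSS (CWE 182, collapse of data into unsafe value) is that removing one occurrence can join the fragments around it into a new tag. The following is an added example written for this listing, not code from the Juliet suite; the exact regex the suite uses is not shown on this page, so the one in badSink() is an assumption, and the encoding sink is a standard HTML escaper rather than anything the test cases contain. Assumes Java 11 or later.

```java
import java.util.List;

// Added example, not a Juliet test case: why stripping "<script>" with
// replaceAll() is an incomplete XSS fix (CWE 182) and what a real sink does.
public class ScriptTagStripDemo {

    // Shape of the bad sink in the CWE 80 entries: one regex pass that
    // deletes "<script>" tags, then the remainder goes straight into HTML.
    // The regex is an assumption; the suite's own pattern is not on the page.
    static String badSink(String data) {
        return data.replaceAll("(?i)<script>", "");
    }

    // Encoding sink: escape the characters HTML treats as markup, so the
    // browser renders data as text no matter which tags it contains.
    static String goodSink(String data) {
        StringBuilder sb = new StringBuilder(data.length() + 16);
        for (int i = 0; i < data.length(); i++) {
            char c = data.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs. The second one is the CWE 182 case: removing the
        // inner "<script>" collapses the fragments around it into a valid tag.
        // The third contains no script tag at all and passes the filter untouched.
        List<String> inputs = List.of(
            "<script>alert(1)</script>",
            "<scr<script>ipt>alert(1)</script>",
            "<img src=x onerror=alert(1)>"
        );
        for (String in : inputs) {
            System.out.println("input    : " + in);
            System.out.println("badSink  : " + badSink(in));
            System.out.println("goodSink : " + goodSink(in));
            System.out.println();
        }
    }
}
```

Running it shows the second input coming out of badSink() as a plain `<script>alert(1)</script>`, and the third untouched; goodSink() turns every angle bracket into an entity, so the check does not depend on recognising any particular attack string.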
-
CWE: 78 OS Command Injection BadSource: console_readLine Read data from the console using readLine() GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 11 Control flow: if(IO.staticReturnsTrue()) and if(IO.staticReturnsFalse())
-
CWE: 78 OS Command Injection BadSource: console_readLine Read data from the console using readLine() GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 03 Control flow: if(5==5) and if(5!=5)
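The CWE 78 entries above describe a sink that concatenates console input onto a fixed command and hands the result to Runtime.getRuntime().exec(). What that does depends on a detail of the API: exec(String) splits the line on whitespace before execution, so untrusted data can append arguments, and if the fixed prefix is a shell (cmd.exe /c, sh -c) the appended text is interpreted as commands. The following is an added example for this listing, not code from the Juliet suite; the "/bin/ls" prefix, the allowlist pattern and a POSIX host are assumptions.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;
import java.util.regex.Pattern;

// Added example, not a Juliet test case. Assumes a POSIX host with /bin/ls.
public class ExecSinkDemo {

    // Runtime.exec(String) tokenizes the command line on whitespace with a
    // StringTokenizer before execution; this reproduces that split so the argv
    // the bad sink would hand to the OS can be inspected without running it.
    static List<String> argvOfExecString(String cmdLine) {
        List<String> argv = new ArrayList<>();
        StringTokenizer st = new StringTokenizer(cmdLine);
        while (st.hasMoreTokens()) {
            argv.add(st.nextToken());
        }
        return argv;
    }

    // Bad sink shape from the CWE 78 entries: fixed prefix + untrusted data,
    // passed to exec() as one string. The prefix is an assumption.
    static List<String> badArgv(String data) {
        return argvOfExecString("/bin/ls " + data);
    }

    // Good sink: allowlist the value, then build argv as separate elements so
    // no tokenizer or shell ever re-parses it. "--" ends option parsing, so a
    // value starting with "-" cannot become an option either.
    static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}");

    static List<String> goodArgv(String data) {
        if (data == null || !SAFE_NAME.matcher(data).matches()) {
            throw new IllegalArgumentException("rejected argument: " + data);
        }
        return List.of("/bin/ls", "-ld", "--", data);
    }

    static String run(List<String> argv) throws IOException, InterruptedException {
        Process p = new ProcessBuilder(argv).redirectErrorStream(true).start();
        StringBuilder out = new StringBuilder();
        try (BufferedReader r = new BufferedReader(new InputStreamReader(p.getInputStream()))) {
            String line;
            while ((line = r.readLine()) != null) {
                out.append(line).append('\n');
            }
        }
        p.waitFor();
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs standing in for what readLine() would return.
        for (String data : List.of("tmp", "tmp -a /etc", "tmp;id")) {
            System.out.println("data      : " + data);
            System.out.println("bad argv  : " + badArgv(data));
            try {
                List<String> argv = goodArgv(data);
                System.out.println("good argv : " + argv);
                System.out.print(run(argv));
            } catch (IllegalArgumentException e) {
                System.out.println("good sink : " + e.getMessage());
            }
            System.out.println();
        }
    }
}
```

With "/bin/ls" as the prefix, "tmp -a /etc" becomes four argv elements and lists /etc (argument injection); "tmp;id" stays one token and is merely an odd filename, because no shell is involved. The same data reaching a "cmd.exe /c" or "sh -c" prefix would be executed as a command line, which is the case the CWE 78 entries target. Either way the good sink rejects both values before anything runs.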
-
CWE: 789 Uncontrolled Memory Allocation BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: HashMap Create a HashMap using data as the initial size Flow Variant: 01 Baseline
-
CWE: 789 Uncontrolled Memory Allocation BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: ArrayList BadSink : Create an ArrayList using data as the initial size Flow Variant: 71 Data flow: data passed as an Object r...
-
CWE: 643 XPath Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validation Flow Variant: 31 Data flow: make a copy of data w...
-
CWE: 606 Unchecked Input for Loop Condition BadSource: getCookies_Servlet Read data from the first cookie using getCookies() GoodSource: hardcoded int in string form Sinks: GoodSink: validate loop variable BadSink : loop variable not validated Flow Variant: 73 Data flow: data passed in a Li...
-
CWE: 606 Unchecked Input for Loop Condition BadSource: console_readLine Read data from the console using readLine() GoodSource: hardcoded int in string form Sinks: GoodSink: validate loop variable BadSink : loop variable not validated Flow Variant: 42 Data flow: data returned from one metho...
-
CWE: 601 Open Redirect BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: BadSink : place redirect string directly into redirect api call Flow Variant: 21 Control flow: Flow controlled by value of a private variable. All...
-
CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: Set data to a hardcoded class name BadSink: Instantiate class named in data Flow V...
-
CWE: 400 Resource Exhaustion BadSource: Environment Read count from an environment variable GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: GoodSink: Validate count before using it as a parameter in sleep function BadSink : Use count as the parameter for sleep without...
-
CWE: 400 Resource Exhaustion BadSource: PropertiesFile Read count from a .properties file (in property named data) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: write GoodSink: Write to a file count number of times, but first validate count BadSink : Write to a file ...
-
CWE: 400 Resource Exhaustion BadSource: connect_tcp Read count using an outbound tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: for_loop GoodSink: Validate count before using it as the loop variant in a for loop BadSink : Use count as the loop variant i...
-
CWE: 400 Resource Exhaustion BadSource: File Read count from file (named c:\data.txt) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: write GoodSink: Write to a file count number of times, but first validate count BadSink : Write to a file count number of times Flow V...
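The CWE 789 entries (count used as a HashMap or ArrayList initial size), the CWE 606 entries (count used as a loop condition) and the CWE 400 entries above (count used as a sleep parameter, write count or for-loop bound) all reduce to the same defect: an integer from an untrusted source reaches a sink with no range check. The following is an added example for this listing, not code from the Juliet suite; MAX_COUNT and the sink bodies are assumptions chosen to show the pattern. The one bounded parser serves all three sink families. Assumes Java 11 or later.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.OptionalInt;

// Added example, not a Juliet test case: one bounded parse shared by the
// CWE 789, CWE 606 and CWE 400 sinks. MAX_COUNT is an assumed application limit.
public class BoundedCountDemo {

    static final int MAX_COUNT = 10_000;

    // Accept only a well-formed decimal integer within [0, MAX_COUNT].
    // Integer.parseInt already rejects values outside int range, so the range
    // check afterwards is what stops 2147483647 or -1 from reaching a sink.
    static OptionalInt parseBoundedCount(String raw) {
        if (raw == null) {
            return OptionalInt.empty();
        }
        int value;
        try {
            value = Integer.parseInt(raw.trim());
        } catch (NumberFormatException e) {
            return OptionalInt.empty();
        }
        if (value < 0 || value > MAX_COUNT) {
            return OptionalInt.empty();
        }
        return OptionalInt.of(value);
    }

    // Bad sinks: the parsed value goes straight into a capacity or a bound.
    // ArrayList reserves its backing array up front; HashMap rounds the
    // capacity up to a power of two and allocates the table on first put.
    // A huge value can therefore fail with OutOfMemoryError either way, and a
    // negative one fails with IllegalArgumentException.
    static int badCapacitySink(String raw) {
        int count = Integer.parseInt(raw.trim());
        List<Integer> list = new ArrayList<>(count);
        HashMap<Integer, Integer> map = new HashMap<>(count);
        map.put(0, 0);
        return list.size() + map.size();
    }

    static long badLoopSink(String raw) {
        int count = Integer.parseInt(raw.trim());
        long work = 0;
        for (int i = 0; i < count; i++) {
            work += i;            // stands in for the per-iteration file write
        }
        return work;
    }

    // Good sinks: same bodies, but only a bounded count gets in.
    static int goodCapacitySink(String raw) {
        int count = parseBoundedCount(raw)
            .orElseThrow(() -> new IllegalArgumentException("bad count: " + raw));
        List<Integer> list = new ArrayList<>(count);
        HashMap<Integer, Integer> map = new HashMap<>(count);
        map.put(0, 0);
        return list.size() + map.size();
    }

    static long goodLoopSink(String raw) {
        int count = parseBoundedCount(raw)
            .orElseThrow(() -> new IllegalArgumentException("bad count: " + raw));
        long work = 0;
        for (int i = 0; i < count; i++) {
            work += i;
        }
        return work;
    }

    public static void main(String[] args) {
        // Constructed inputs standing in for a property, file, cookie or socket value.
        for (String raw : List.of("12", " 40 ", "0", "-1", "2147483647", "99999999999", "abc")) {
            System.out.printf("%-14s -> %s%n", "\"" + raw + "\"", parseBoundedCount(raw));
        }
        // Only the bounded path is exercised with the hostile values here;
        // badCapacitySink("2147483647") would attempt a multi-gigabyte allocation.
        System.out.println("goodLoopSink(\"12\") = " + goodLoopSink("12"));
        try {
            goodCapacitySink("2147483647");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The upper bound is the part the hardcoded "non-zero, non-min, non-max, even number" good source sidesteps by construction; in real code it has to be an explicit application limit, because a value that parses cleanly can still be large enough to exhaust memory or time.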
-
CWE: 369 Divide by zero BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: divide GoodSink: Check for zero before dividing BadSink : Dividing by a value that may be zero Flow Variant: 52 Data flow: data pas...
-
CWE: 369 Divide by zero BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: divide GoodSink: Check for zero before dividing BadSink : Dividing by a value that may be...
-
CWE: 369 Divide by zero BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded non-zero number (two) Sinks: divide GoodSink: Check for zero before dividing BadSink : Dividing by a value that may be zero Flow Variant: 71 Data flow: data passed as an Object r...
-
CWE: 23 Relative Path Traversal BadSource: getCookies_Servlet Read data from the first cookie using getCookies() GoodSource: A hardcoded string BadSink: readFile no validation Flow Variant: 04 Control flow: if(PRIVATE_STATIC_FINAL_TRUE) and if(PRIVATE_STATIC_FINAL_FALSE)
-
CWE: 23 Relative Path Traversal BadSource: Property Read data from a system property GoodSource: A hardcoded string Sinks: readFile BadSink : no validation Flow Variant: 72 Data flow: data passed in a Vector from one method to another in different source files in the same package
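The CWE 23 entries above use a readFile sink with "no validation": untrusted data (a cookie, a system property) is joined onto a base directory and read. The following is an added example for this listing, not code from the Juliet suite; the base-directory containment check is a standard technique and the temporary-file layout is constructed for the demonstration. Assumes Java 11 or later for Files.readString and Files.writeString.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example, not a Juliet test case. Assumes Java 11+.
public class ReadFileSinkDemo {

    // Bad sink shape from the CWE 23 entries: untrusted data joined onto a
    // base directory with no check. "../" segments and absolute paths both
    // resolve to wherever they point (Path.resolve returns an absolute
    // argument unchanged).
    static String badRead(Path base, String data) throws IOException {
        return Files.readString(base.resolve(data));
    }

    // Good sink: resolve, normalize away "." and "..", and require the result
    // to stay under the real base; then resolve symlinks and check again
    // before reading, so a link inside base cannot point outside it.
    static String goodRead(Path base, String data) throws IOException {
        Path realBase = base.toRealPath();
        Path candidate = realBase.resolve(data).normalize();
        if (!candidate.startsWith(realBase)) {
            throw new SecurityException("path escapes base directory: " + data);
        }
        Path real = candidate.toRealPath();   // throws if the file does not exist
        if (!real.startsWith(realBase)) {
            throw new SecurityException("symlink escapes base directory: " + data);
        }
        return Files.readString(real);
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: a base directory with one legitimate file, and a
        // second file outside it that an attacker would like to read.
        Path base = Files.createTempDirectory("cwe23-base");
        Path inside = Files.writeString(base.resolve("notes.txt"), "inside\n");
        Path outside = Files.createTempFile("cwe23-secret", ".txt");
        Files.writeString(outside, "outside\n");

        String[] inputs = {
            "notes.txt",
            "../" + outside.getFileName(),      // relative traversal
            outside.toString()                  // absolute path
        };
        for (String data : inputs) {
            System.out.println("data     : " + data);
            try {
                System.out.print("badRead  : " + badRead(base, data));
            } catch (IOException e) {
                System.out.println("badRead  : " + e);
            }
            try {
                System.out.print("goodRead : " + goodRead(base, data));
            } catch (SecurityException | IOException e) {
                System.out.println("goodRead : " + e);
            }
            System.out.println();
        }
        Files.delete(inside);
        Files.delete(outside);
        Files.delete(base);
    }
}
```

badRead() returns "outside" for both the traversal and the absolute input; goodRead() returns "inside" for notes.txt and throws SecurityException for the other two. Checking the canonical path rather than the string is what makes the check robust against "..", redundant separators and symlinks at once.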
-
CWE: 197 Numeric Truncation Error BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: to_byte BadSink : Convert data to a byte Flow Variant: 66 Data flow: data passed in an array from one ...
-
CWE: 197 Numeric Truncation Error BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: to_short Convert data to a short Flow Variant: 04 Control flow: if(PRIVATE_STATIC_FINAL_TRUE) and if(PRIVATE_STATIC_FINAL_FALSE)
-
CWE: 191 Integer Underflow BadSource: rand Set data to result of rand() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an Underflow Flow...
-
CWE: 191 Integer Underflow BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multipl...
-
CWE: 191 Integer Underflow BadSource: rand Set data to result of rand() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an Underflow Flow...
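The CWE 369 (divide), CWE 197 (to_byte, to_short) and CWE 191 (sub, multiply) entries above are all arithmetic sinks whose good variant adds a range check before the operation. The following is an added example for this listing, not code from the Juliet suite; the fixed operands (100 as the dividend, 1 and 2 as subtrahend and multiplier) follow the sink descriptions and the check helpers are assumptions.

```java
import java.util.OptionalInt;

// Added example, not a Juliet test case: each unchecked numeric sink beside
// a checked one. Fixed operands follow the sink descriptions on the page.
public class NumericSinkDemo {

    // CWE 369: int division by zero throws ArithmeticException at runtime
    // (double division would silently give Infinity or NaN). The one other
    // int case that does not throw, MIN_VALUE / -1, silently wraps, so the
    // checked form covers it too.
    static int badDivide(int data) {
        return 100 / data;
    }

    static OptionalInt goodDivide(int dividend, int data) {
        if (data == 0 || (dividend == Integer.MIN_VALUE && data == -1)) {
            return OptionalInt.empty();
        }
        return OptionalInt.of(dividend / data);
    }

    // CWE 197: a narrowing cast keeps only the low-order bits. There is no
    // Math.toByteExact or toShortExact, so the range check is written out.
    static byte badToByte(int data) {
        return (byte) data;
    }

    static short badToShort(int data) {
        return (short) data;
    }

    static byte goodToByte(int data) {
        if (data < Byte.MIN_VALUE || data > Byte.MAX_VALUE) {
            throw new ArithmeticException("value does not fit in a byte: " + data);
        }
        return (byte) data;
    }

    static short goodToShort(int data) {
        if (data < Short.MIN_VALUE || data > Short.MAX_VALUE) {
            throw new ArithmeticException("value does not fit in a short: " + data);
        }
        return (short) data;
    }

    // CWE 191: two's-complement wrap-around on subtract and multiply. The
    // Math.*Exact methods (Java 8+) throw ArithmeticException instead.
    static int badSub(int data)  { return data - 1; }
    static int goodSub(int data) { return Math.subtractExact(data, 1); }
    static int badMul(int data)  { return data * 2; }
    static int goodMul(int data) { return Math.multiplyExact(data, 2); }

    public static void main(String[] args) {
        // Constructed samples: a benign value, zero, values just outside byte
        // and short range, and the two that wrap on subtract / multiply.
        int[] samples = { 2, 0, 200, 40_000, -129, Integer.MIN_VALUE, Integer.MIN_VALUE / 2 - 1 };
        for (int d : samples) {
            System.out.println("data = " + d);
            try { System.out.println("  badDivide  = " + badDivide(d)); }
            catch (ArithmeticException e) { System.out.println("  badDivide threw: " + e.getMessage()); }
            System.out.println("  goodDivide(100, data) = " + goodDivide(100, d));
            System.out.println("  badToByte  = " + badToByte(d) + "   badToShort = " + badToShort(d));
            try { System.out.println("  goodToByte = " + goodToByte(d)); }
            catch (ArithmeticException e) { System.out.println("  goodToByte rejected: " + e.getMessage()); }
            try { System.out.println("  goodToShort = " + goodToShort(d)); }
            catch (ArithmeticException e) { System.out.println("  goodToShort rejected: " + e.getMessage()); }
            System.out.println("  badSub     = " + badSub(d) + "   badMul     = " + badMul(d));
            try { System.out.println("  goodSub    = " + goodSub(d)); }
            catch (ArithmeticException e) { System.out.println("  goodSub rejected: " + e.getMessage()); }
            try { System.out.println("  goodMul    = " + goodMul(d)); }
            catch (ArithmeticException e) { System.out.println("  goodMul rejected: " + e.getMessage()); }
        }
    }
}
```

The bad forms do not all fail the same way, which is the practical point: division by zero is loud, while the truncating casts and the wrapping subtract and multiply return a wrong value silently, so only an explicit check (or the Exact variants) turns those into a detectable error.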