CWE: 789 Uncontrolled Memory Allocation BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: ArrayList BadSink : Create an ArrayList using data as the initial size Flow Variant: 52 Data flow: data passed as an...

CWE: 690 Unchecked return value is null, leading to a null pointer dereference. BadSource: Use a custom method which may return null GoodSource: Use a custom method that never returns null Sinks: trim GoodSink: Check data for null before calling trim() BadSink : Call trim() on possibly null...

CWE: 601 Open Redirect BadSource: database Read data from a database GoodSource: A hardcoded string BadSink: place redirect string directly into redirect api call Flow Variant: 41 Data flow: data passed as an argument from one method to another in the same class

CWE: 601 Open Redirect BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded string BadSink: place redirect string directly into redirect api call Flow Variant: 10 Control flow: if(IO.staticTrue) and if(IO.staticFalse)

CWE: 584 Return in Finally Block Sinks: GoodSink: no return in finally block BadSink : return in finally Flow Variant: 15 Control flow: switch(7)

CWE: 523 Unprotected Transport of Credentials Sinks: non_ssl GoodSink: Send across SSL connection BadSink : Send across non-SSL connection Flow Variant: 05 Control flow: if(privateTrue) and if(privateFalse)

CWE: 511 Logic Time Bomb Sinks: time GoodSink: after a certain date, print to the console BadSink : after a certain date, launch an executable Flow Variant: 12 Control flow: if(IO.staticReturnsTrueOrFalse())

CWE: 482 Comparing Instead of Assigning Sinks: GoodSink: Assigning BadSink : Comparing instead of assigning Flow Variant: 12 Control flow: if(IO.staticReturnsTrueOrFalse())

CWE: 476 Null Pointer Dereference BadSource: Set data to null GoodSource: Set data to a non-null value Sinks: GoodSink: add check to prevent possibility of null dereference BadSink : possibility of null dereference Flow Variant: 17 Control flow: for loops

CWE: 400 Resource Exhaustion BadSource: connect_tcp Read count using an outbound tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: GoodSink: Validate count before using it as a parameter in sleep function BadSink : Use count as the parameter for sleep with...

CWE: 400 Resource Exhaustion BadSource: File Read count from file (named c:\data.txt) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: GoodSink: Validate count before using it as a parameter in sleep function BadSink : Use count as the parameter for sleep withhout check...

CWE: 400 Resource Exhaustion BadSource: max_value Set count to a hardcoded value of Integer.MAX_VALUE GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: for_loop GoodSink: Validate count before using it as the loop variant in a for loop BadSink : Use count as the loop var...

CWE: 398 Indicator of Poor Code Quality Sinks: empty_while GoodSink: While statement contains code BadSink : An empty while statement has no effect Flow Variant: 14 Control flow: if(IO.staticFive==5) and if(IO.staticFive!=5)

CWE: 382 Use of System.exit() Sinks: System GoodSink: notify user, do not use System.exit BadSink : calling System.exit, breaching best practices Flow Variant: 13 Control flow: if(IO.STATIC_FINAL_FIVE==5) and if(IO.STATIC_FINAL_FIVE!=5)

CWE: 369 Divide by zero BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: modulo GoodSink: Check for zero before modulo BadSink : Modulo by a value that may be zero Flow Variant: 51 Data f...

CWE: 369 Divide by zero BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: modulo GoodSink: Check for zero before modulo BadSink : Modulo by a value that may be zero Flow Variant: 72 Data flow: data ...

CWE: 369 Divide by zero BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded non-zero number (two) Sinks: divide GoodSink: Check for zero before dividing BadSink : Dividing by a value that may be zero Flow Variant: 16 Control flow: whi...

CWE: 319 Cleartext Transmission of Sensitive Information BadSource: listen_tcp Read password using a listening tcp connection GoodSource: Set password to a hardcoded value (one that was not sent over the network) Sinks: passwordAuth GoodSink: Decrypt password before using in PasswordAuthentic...

CWE: 197 Numeric Truncation Error BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: to_short BadSink : Convert data to a short Flow Variant: 45 Data flow: data passed as a private class member variab...

CWE: 197 Numeric Truncation Error BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: to_short Convert data to a short Flow Variant: 13 Control flow: if(IO.STATIC_FINAL_FIVE==5) and if(IO.STATIC_FINAL_F...

CWE: 191 Integer Underflow BadSource: min Set data to the max value for long GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an Underflow ...

CWE: 191 Integer Underflow BadSource: min Set data to the max value for long GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multiply by 2, which can ca...

CWE: 191 Integer Underflow BadSource: rand Set data to result of rand() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an Underflow Flow...

CWE: 190 Integer Overflow BadSource: max Set data to the max value for long GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multiply by 2, which can caus...

CWE: 190 Integer Overflow BadSource: random Set data to a random value GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 51 Data...