Displaying test cases 28326 - 28350 of 32356 in total
-
CWE: 191 Integer Underflow BadSource: rand Set data to result of rand() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an Underflow Flow...
-
CWE: 191 Integer Underflow BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can...
-
CWE: 190 Integer Overflow BadSource: max Set data to the max value for long GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 10...
-
CWE: 190 Integer Overflow BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an over...
-
CWE: 190 Integer Overflow BadSource: max Set data to the max value for byte GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 74...
-
This test takes an integer and a filename as input (int filename) and checks that the file exists and is in the current directory. However, there is a time-of-check, time-of-use vulnerability after the file is checked but before it is opened, allowing the file to be deleted before opening, causing a ...
-
This weakness takes a string in the form: '<qsize> <data>' where qsize is the size of the array to sort (used to delay execution) and data is a string that is used for processing. The contents of this string are unimportant. Two threads are created, one of which fails to check for a mutex lock le...
-
This test takes input in the form of an integer and creates an array of that size. If the input is too large, an exception is raised and the array is initialized to a default size without ever changing the size variable. This leads to an ArrayIndexOutOfBoundsException when the array is access...
-
CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which...
-
CWE: 89 SQL Injection BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used in prepareStatement() call, which could resul...
-
CWE: 89 SQL Injection BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded string Sinks: executeUpdate GoodSink: Use prepared statement and executeUpdate (properly) BadSink : data concatenated into SQL statement used in executeUpdate(), which could result...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: database Read data from a database GoodSource: A hardcoded string BadSink: Display of data in web page after using replaceAll() to remove script tags, which will still allow XSS (CWE 182: Collapse of Data into Unsafe Value) Flow Variant: 14 Contr...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded string Sinks: BadSink : Display of data in web page after using replaceAll() to remove script tags, which will still allow XSS (CWE 182: Collapse of Data into Unsafe Va...
-
CWE: 80 Cross Site Scripting (XSS) BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded string Sinks: BadSink : Display of data in web page after using replaceAll() to remove script tags, which will still allow XSS (CWE 182: Collapse of Data into Unsafe Value) Flow...
-
CWE: 690 Unchecked return value is null, leading to a null pointer dereference. BadSource: getParameter_Servlet Set data to return of getParameter_Servlet GoodSource: Set data to fixed, non-null String Sinks: equals GoodSink: Call equals() on string literal (that is not null) BadSink : Call ...
-
CWE: 606 Unchecked Input for Loop Condition BadSource: listen_tcp Read data using a listening tcp connection GoodSource: hardcoded int in string form Sinks: GoodSink: validate loop variable BadSink : loop variable not validated Flow Variant: 04 Control flow: if(PRIVATE_STATIC_FINAL_TRUE) an...
-
CWE: 36 Absolute Path Traversal BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded string Sinks: readFile BadSink : read line from file from disk Flow Variant: 52 Data flow: data passed as an argument from one m...
-
CWE: 369 Divide by zero BadSource: getCookies_Servlet Read data from the first cookie using getCookies() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: modulo GoodSink: Check for zero before modulo BadSink : Modulo by a value that may be zero Flow Variant: 21 Control...
-
CWE: 369 Divide by zero BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: modulo GoodSink: Check for zero before modulo BadSink : Modulo by a value that may be zero Flow Variant: 31 Data flow: make ...
-
CWE: 23 Relative Path Traversal BadSource: Property Read data from a system property GoodSource: A hardcoded string BadSink: readFile no validation Flow Variant: 16 Control flow: while(true)
-
CWE: 197 Numeric Truncation Error BadSource: random Set data to a random value GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: to_short Convert data to a short Flow Variant: 13 Control flow: if(IO.STATIC_FINAL_FIVE==5) and if(IO.STATIC_FINAL_FIVE!=5)
-
CWE: 190 Integer Overflow BadSource: rand Set data to result of rand() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 81 Data...
-
CWE: 190 Integer Overflow BadSource: max Set data to the max value for long GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 73...
-
CWE: 190 Integer Overflow BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multipl...
-
CWE: 190 Integer Overflow BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multipl...