Displaying test cases 30226 - 30250 of 32356 in total
-
CWE: 191 Integer Underflow BadSource: min Set data to the max value for short GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an Underflow...
-
This test takes in a value from a taint source, and creates a string array based on the value. Math is performed on the value such that, if the value is greater than 500, the resultant value 'wraps around', and becomes negative. This results in an exception being thrown, due to the invalid a...
-
CWE-584 Return Inside Finally: This test takes the name of a file as input. It then attempts to get the absolute path of the file and open it for reading. Since GetAbsolutePath.getAbsolutePath has a return in a finally clause, any generated warnings are dropped, eventually leading to a null p...
-
CWE: 89 SQL Injection BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: execute GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used in execute(), which could resul...
-
CWE: 89 SQL Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: executeQuery GoodSink: Use prepared statement and executeQuery (properly) BadSink : data concatenated into SQL statement used in executeQuery(), which...
-
CWE: 89 SQL Injection BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded string Sinks: prepareStatement GoodSink: Use prepared statement and execute (properly) BadSink : data concatenated into SQL statement used in prepareStatement() call, which could r...
-
CWE: 78 OS Command Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 68 Data flow: data passed as a member variable in the a class, w...
-
CWE: 789 Uncontrolled Memory Allocation BadSource: database Read data from a database GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: HashMap Create a HashMap using data as the initial size Flow Variant: 14 Control flow: if(IO.staticFive==5) and if(IO.staticFive!=5)
-
CWE: 643 XPath Injection BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validation Flow Variant: 21 Control flow: Flow controlled by value of a private variable. All fu...
-
CWE: 477 Use of Obsolete Functions Sinks: DataInputStream_readLine GoodSink: Use of preferred BufferedReader.readLine() method BadSink : Use deprecated DataInputStream.readLine() method Flow Variant: 15 Control flow: switch(7)
-
CWE: 400 Resource Exhaustion BadSource: PropertiesFile Read count from a .properties file (in property named data) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: GoodSink: Validate count before using it as a parameter in sleep function BadSink : Use count as the param...
-
CWE: 400 Resource Exhaustion BadSource: connect_tcp Read count using an outbound tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: GoodSink: Validate count before using it as a parameter in sleep function BadSink : Use count as the parameter for sleep with...
-
CWE: 398 Indicator of Poor Code Quality Sinks: empty_if GoodSink: If statement contains code BadSink : An empty if statement has no effect Flow Variant: 17 Control flow: for loops
-
CWE: 369 Divide by zero BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: divide GoodSink: Check for zero before dividing BadSink : Dividing by a value that may be zero Flow Variant: 61 Data flow: d...
-
CWE: 369 Divide by zero BadSource: random Set data to a random value between 0.0f (inclusive) and 1.0f (exclusive) GoodSource: A hardcoded non-zero number (two) Sinks: modulo GoodSink: Check for zero before modulo BadSink : Modulo by a value that may be zero Flow Variant: 09 Control flow: i...
-
CWE: 369 Divide by zero BadSource: Property Read data from a system property GoodSource: A hardcoded non-zero number (two) Sinks: modulo GoodSink: Check for zero before modulo BadSink : Modulo by a value that may be zero Flow Variant: 09 Control flow: if(IO.STATIC_FINAL_TRUE) and if(IO.STAT...
-
CWE: 336 Same Seed in PRNG Sinks: GoodSink: no explicit seed specified BadSink : hardcoded seed Flow Variant: 16 Control flow: while(true)
-
CWE: 325 Missing Required Cryptographic Step Sinks: MessageDigest_update GoodSink: Include call to MessageDigest.update() BadSink : Missing call to MessageDigest.update() Flow Variant: 10 Control flow: if(IO.staticTrue) and if(IO.staticFalse)
-
CWE: 197 Numeric Truncation Error BadSource: random Set data to a random value GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: to_byte Convert data to a byte Flow Variant: 01 Baseline
-
CWE: 197 Numeric Truncation Error BadSource: Property Read data from a system property GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: to_byte Convert data to a byte Flow Variant: 12 Control flow: if(IO.staticReturnsTrueOrFalse())
-
CWE: 197 Numeric Truncation Error BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: to_short Convert data to a short Flow Variant: 01 Baseline
-
CWE: 191 Integer Underflow BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data Bad...
-
CWE: 191 Integer Underflow BadSource: getCookies_Servlet Read data from the first cookie using getCookies() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data...
-
CWE: 191 Integer Underflow BadSource: Environment Read data from an environment variable GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause a...
-
CWE: 190 Integer Overflow BadSource: rand Set data to result of rand() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multiply by 2, which can cause an ...