Displaying test cases 30601 - 30625 of 32356 in total
-
CWE: 191 Integer Underflow BadSource: rand Set data to result of rand() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an Underflow Flow...
-
CWE: 191 Integer Underflow BadSource: Property Read data from a system property GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an Underfl...
-
CWE: 190 Integer Overflow BadSource: rand Set data to result of rand() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 81 Data...
-
CWE: 190 Integer Overflow BadSource: rand Set data to result of rand() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 02 Cont...
-
CWE: 190 Integer Overflow BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Ad...
-
CWE: 190 Integer Overflow BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Ad...
-
This test creates a connection to the MySQL database, and creates a query string based on data in an array passed by arguments. This data is not checked for special elements, however, and it is possible to construct a query string that performs unexpected data retrievals or modifications. Met...
-
This weakness takes an integer, two file names, and an integer "int file1 file2 int" as an input. The first integer is the size of the array to sort for timing in benign cases without FIFO files as inputs. The two files are used for thread "scheduling", if they are FIFO files in the order "fifo1 ...
-
CWE-584 Return Inside Finally This test takes the name of a file as input. It then attempts to get the absolute path of the file and open it for reading. Since GetAbsolutePath.getAbsolutePath has a return in a finally clause, any generated warnings are dropped, eventually leading to a null p...
-
This weakness takes a value and converts it to upper case. If it contains characters not a-zA-Z, then the function used to convert to upper case will return null. After converting the value to upper case it is compared to a static password. This comparison will cause an error if the value con...
-
CWE: 89 SQL Injection BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which could res...
-
CWE: 83 Cross Site Scripting (XSS) in attributes; Examples(replace QUOTE with an actual double quote): ?img_loc=http://www.google.comQUOTE%20onerror=QUOTEalert(1) and ?img_loc=http://www.google.comQUOTE%20onerror=QUOTEjavascript:alert(1) BadSource: listen_tcp Read data using a listening tcp conn...
-
CWE: 83 Cross Site Scripting (XSS) in attributes; Examples(replace QUOTE with an actual double quote): ?img_loc=http://www.google.comQUOTE%20onerror=QUOTEalert(1) and ?img_loc=http://www.google.comQUOTE%20onerror=QUOTEjavascript:alert(1) BadSource: getQueryString_Servlet Parse id param out of th...
-
CWE: 78 OS Command Injection BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 81 Data flow: data passed in a parameter to an abstract...
-
CWE: 789 Uncontrolled Memory Allocation BadSource: Property Read data from a system property GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: HashMap Create a HashMap using data as the initial size Flow Variant: 13 Control flow: if(IO.STATIC_FINAL_FIVE==5) and if(IO.ST...
-
CWE: 789 Uncontrolled Memory Allocation BadSource: database Read data from a database GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: HashSet BadSink : Create a HashSet using data as the initial size Flow Variant: 72 Data flow: data passed in a Vector from one method t...
-
CWE: 643 Xpath Injection BadSource: getCookies_Servlet Read data from the first cookie using getCookies() GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validation Flow Variant: 42 Data flow: data returned from one...
-
CWE: 606 Unchecked Input for Loop Condition BadSource: Property Read data from a system property GoodSource: hardcoded int in string form Sinks: GoodSink: validate loop variable BadSink : loop variable not validated Flow Variant: 61 Data flow: data returned from one method to another in dif...
-
CWE: 601 Open Redirect BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded string Sinks: BadSink : place redirect string directly into redirect api call Flow Variant: 73 Data flow: data passed in a LinkedList from one method to another in different...
-
CWE: 400 Resource Exhaustion BadSource: PropertiesFile Read count from a .properties file (in property named data) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: GoodSink: Validate count before using it as a parameter in sleep function BadSink : Use count as the param...
-
CWE: 369 Divide by zero BadSource: database Read data from a database GoodSource: A hardcoded non-zero number (two) Sinks: divide GoodSink: Check for zero before dividing BadSink : Dividing by a value that may be zero Flow Variant: 45 Data flow: data passed as a private class member variabl...
-
CWE: 23 Relative Path Traversal BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded string BadSink: readFile no validation Flow Variant: 14 Control flow: if(IO.staticFive==5) and if(IO.staticFive!=5)
-
CWE: 197 Numeric Truncation Error BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: to_byte Convert data to a byte Flow Variant: 16 Control flow: while(true)
-
CWE: 191 Integer Underflow BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multipl...
-
CWE: 191 Integer Underflow BadSource: rand Set data to result of rand() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an Underflow Flow...