CWE: 319 Cleartext Transmission of Sensitive Information BadSource: connect_tcp Read password using an outbound tcp connection GoodSource: Set password to a hardcoded value (one that was not sent over the network) Sinks: kerberosKey GoodSink: Decrypt password before using in KerberosKey() Ba...

CWE: 319 Cleartext Transmission of Sensitive Information BadSource: connect_tcp Read password using an outbound tcp connection GoodSource: Set password to a hardcoded value (one that was not sent over the network) Sinks: driverManager GoodSink: Decrypt the password from the source before usin...

CWE: 23 Relative Path Traversal BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string BadSink: readFile no validation Flow Variant: 04 Control flow: if(PRIVATE_STATIC_FINAL_TRUE) and if(PRIVATE_STATIC_FINAL_FALSE)

CWE: 23 Relative Path Traversal BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string BadSink: readFile no validation Flow Variant: 13 Control flow: if(IO.STATIC_FINAL_FIVE==5) and if(IO.STATIC_FINAL_FIVE!=5)

CWE: 23 Relative Path Traversal BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded string Sinks: readFile BadSink : no validation Flow Variant: 61 Data flow: data returned from one method to another in different classes in the same package

CWE: 23 Relative Path Traversal BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded string BadSink: readFile no validation Flow Variant: 10 Control flow: if(IO.staticTrue) and if(IO.staticFalse)

CWE: 197 Numeric Truncation Error BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: to_byte Convert data to a byte Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 197 Numeric Truncation Error BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: to_byte Convert data to a byte Flow Variant: 10 Control flow: if(IO.staticTrue) and if(IO.staticFalse)

CWE: 197 Numeric Truncation Error BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: to_byte Convert data to a byte Flow Variant: 05 Control flow: if(privateTrue) and if(privateFalse)

CWE: 197 Numeric Truncation Error BadSource: Property Read data from a system property GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: to_byte BadSink : Convert data to a byte Flow Variant: 21 Control flow: Flow controlled by value of a private variable. All functions ...

CWE: 197 Numeric Truncation Error BadSource: Environment Read data from an environment variable GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: to_byte Convert data to a byte Flow Variant: 42 Data flow: data returned from one method to another in the same class

CWE: 197 Numeric Truncation Error BadSource: random Set data to a random value GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: to_byte BadSink : Convert data to a byte Flow Variant: 53 Data flow: data passed as an argument from one method through two others to a fourth...

CWE: 197 Numeric Truncation Error BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: to_short BadSink : Convert data to a short Flow Variant: 22 Control flow: Flow controlled by value of a public stat...

CWE: 197 Numeric Truncation Error BadSource: Property Read data from a system property GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: to_byte BadSink : Convert data to a byte Flow Variant: 53 Data flow: data passed as an argument from one method through two others to ...

CWE: 197 Numeric Truncation Error BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: to_byte Convert data to a byte Flow Variant: 06 Control flow: if(PRIVATE_STATIC_FINAL_FIVE==5) and if(PRIVATE_STATIC_FINA...

CWE: 191 Integer Underflow BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multipl...

CWE: 191 Integer Underflow BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multipl...

CWE: 191 Integer Underflow BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which c...

CWE: 191 Integer Underflow BadSource: min Set data to the minimum value for int GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an Underfl...

CWE: 191 Integer Underflow BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from dat...

CWE: 190 Integer Overflow BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: square GoodSink: Ensure there will not be an overflow before squaring data BadSink : Square data, which can lead to overflow ...

CWE: 190 Integer Overflow BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overfl...

CWE: 190 Integer Overflow BadSource: max Set data to the max value for long GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: square GoodSink: Ensure there will not be an overflow before squaring data BadSink : Square data, which can lead to overflow Flow Variant: 15 Co...

CWE: 190 Integer Overflow BadSource: max Set data to the max value for long GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multiply by 2, which can caus...

CWE: 190 Integer Overflow BadSource: max Set data to the maximum value for int GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multiply by 2, which can c...