-
CWE: 190 Integer Overflow BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: square GoodSink: Ensure there will not be an overflow before squaring data BadSink : Square data, which can lead to overflow Flo...
-
CWE: 190 Integer Overflow BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow ...
-
CWE: 15 External Control of System or Configuration Setting BadSource: console_readLine Read data from the console using readLine() GoodSource: A hardcoded string BadSink: Set the catalog name with the value of data Flow Variant: 04 Control flow: if(PRIVATE_STATIC_FINAL_TRUE) and if(PRIVATE_...
-
CWE: 15 External Control of System or Configuration Setting BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded string BadSink: Set the catalog name with the value of data Flow Variant: 04 Control flow: if(PRIVATE_STATIC_FINAL_TRUE) and if(PRIVATE_...
-
CWE: 15 External Control of System or Configuration Setting BadSource: Property Read data from a system property GoodSource: A hardcoded string BadSink: Set the catalog name with the value of data Flow Variant: 41 Data flow: data passed as an argument from one method to another in the same c...
-
CWE: 15 External Control of System or Configuration Setting BadSource: Property Read data from a system property GoodSource: A hardcoded string BadSink: Set the catalog name with the value of data Flow Variant: 07 Control flow: if(privateFive==5) and if(privateFive!=5)
-
CWE: 15 External Control of System or Configuration Setting BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: BadSink : Set the catalog name with the value of data Flow Variant: 54 Data flow: data passed as an argument from one method through...
-
CWE: 134 Uncontrolled Format String BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded string Sinks: format GoodSink: dynamic formatted stdout with string defined BadSink : dynamic formatted stdout without validation Flow Variant: 12 Control flow: if(I...
-
CWE: 129 Improper Validation of Array Index BadSource: random Set data to a random value GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_no_check GoodSink: Read from array after verifying index BadSink : Read from array without any verification of index Flo...
-
CWE: 129 Improper Validation of Array Index BadSource: random Set data to a random value GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_min GoodSink: Read from array after verifying that data is at least 0 and less than array.length BadSink : Read fro...
-
CWE: 129 Improper Validation of Array Index BadSource: Property Read data from a system property GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_size GoodSink: data is used to set the size of the array and it must be greater than 0 BadSink : data is used to set t...
-
CWE: 129 Improper Validation of Array Index BadSource: Property Read data from a system property GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_no_check GoodSink: Read from array after verifying index BadSink : Read from array without any verification of in...
-
CWE: 129 Improper Validation of Array Index BadSource: Property Read data from a system property GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_no_check GoodSink: Read from array after verifying index BadSink : Read from array without any verification of in...
-
CWE: 129 Improper Validation of Array Index BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_size GoodSink: data is used to set the size of the array and it must be greater than 0 BadSink : data is u...
-
CWE: 129 Improper Validation of Array Index BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_min GoodSink: Read from array after verifying that data is at least 0 and less than array.length...
-
CWE: 129 Improper Validation of Array Index BadSource: getQueryString_Servlet Parse id param out of the URL query string (without using getParameter()) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_min GoodSink: Read from array after verifying that da...
-
CWE: 129 Improper Validation of Array Index BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_write_no_check GoodSink: Write to array after verifying index BadSink : Write to array without any ve...
-
CWE: 129 Improper Validation of Array Index BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_write_no_check GoodSink: Write to array after verifying index BadSink : Write to array without any ve...
-
CWE: 129 Improper Validation of Array Index BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_size GoodSink: data is used to set the size of the array and it must be greater than 0 BadSink : data is ...
-
CWE: 129 Improper Validation of Array Index BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_no_check GoodSink: Read from array after verifying index BadSink : Read from array without any verif...
-
CWE: 113 HTTP Response Splitting BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: addHeaderServlet GoodSink: URLEncode input BadSink : querystring to addHeader() Flow Variant: 67 Data flow: data passed in a class from on...
-
CWE: 113 HTTP Response Splitting BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: addCookieServlet GoodSink: URLEncode input BadSink : querystring to addCookie() Flow Variant: 66 Data flow: data passed in an array fro...
-
CWE: 113 HTTP Response Splitting BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: addCookieServlet GoodSink: URLEncode input BadSink : querystring to addCookie() Flow Variant: 61 Data flow: data returned from one method to another in different classes in t...
-
CWE: 113 HTTP Response Splitting BadSource: console_readLine Read data from the console using readLine() GoodSource: A hardcoded string Sinks: addHeaderServlet GoodSink: URLEncode input BadSink : querystring to addHeader() Flow Variant: 11 Control flow: if(IO.staticReturnsTrue()) and if(IO....
-
CWE: 113 HTTP Response Splitting BadSource: console_readLine Read data from the console using readLine() GoodSource: A hardcoded string Sinks: addCookieServlet GoodSink: URLEncode input BadSink : querystring to addCookie() Flow Variant: 12 Control flow: if(IO.staticReturnsTrueOrFalse())