Displaying test cases 31551 - 31575 of 32356 in total
-
This test takes in a value from a taint source, and creates a string array based on the value. Math is performed on the value such that, if the value is greater than 500, the resultant value 'wraps around', and becomes negative. This results in an exception being thrown, due to the invalid a...
-
This weakness takes an integer and string as input (int string) where the integer is the size of the array to sort for timing and the string is the data that is acted upon. The weakness spawns two threads, both of which in turn call the function 'arrFunc' which is non-reentrant. 'arrFunc' uses a ...
-
A file name is provided to the application. This file is assumed to be a binary payload with at least 4 bytes of data. The first 4 bytes of data are an encoded 32-bit Integer. This value describes the length of the rest of the message. If the length is not equal to or less than the remainder of th...
-
This test case takes a value and attempts to convert it to upper case. If the value contains anything other than a-zA-Z, then an exception is thrown, but not caught. Metadata - Base program: Coffee MUD - Source Taint: SOCKET - Data Type: ARRAY - Data Flow: BASIC - Control Flow: BREAK_WITH_...
-
CWE: 89 SQL Injection BadSource: Property Read data from a system property GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), which could result in SQL Injectio...
-
CWE: 83 Cross Site Scripting (XSS) in attributes; Examples(replace QUOTE with an actual double quote): ?img_loc=http://www.google.comQUOTE%20onerror=QUOTEalert(1) and ?img_loc=http://www.google.comQUOTE%20onerror=QUOTEjavascript:alert(1) BadSource: database Read data from a database GoodSource:...
-
CWE: 83 Cross Site Scripting (XSS) in attributes; Examples(replace QUOTE with an actual double quote): ?img_loc=http://www.google.comQUOTE%20onerror=QUOTEalert(1) and ?img_loc=http://www.google.comQUOTE%20onerror=QUOTEjavascript:alert(1) BadSource: File Read data from file (named c:\data.txt) G...
-
CWE: 78 OS Command Injection BadSource: Property Read data from a system property GoodSource: A hardcoded string BadSink: exec dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 09 Control flow: if(IO.STATIC_FINAL_TRUE) and if(IO.STATIC_FINAL_FALSE)
-
CWE: 78 OS Command Injection BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 21 Control flow: Flow controlled by value of a private variable. All functions co...
-
CWE: 789 Uncontrolled Memory Allocation BadSource: random Set data to a random value GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: ArrayList Create an ArrayList using data as the initial size Flow Variant: 17 Control flow: for loops
-
CWE: 789 Uncontrolled Memory Allocation BadSource: max_value Set data to a hardcoded value of Integer.MAX_VALUE GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: HashMap Create a HashMap using data as the initial size Flow Variant: 15 Control flow: switch(6)
-
CWE: 789 Uncontrolled Memory Allocation BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: HashSet Create a HashSet using data as the initial size Flow Variant: 06 Control flow: if(PRIVATE_...
-
CWE: 789 Uncontrolled Memory Allocation BadSource: Environment Read data from an environment variable GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: HashSet BadSink : Create a HashSet using data as the initial size Flow Variant: 53 Data flow: data passed as an argumen...
-
CWE: 606 Unchecked Input for Loop Condition BadSource: Property Read data from a system property GoodSource: hardcoded int in string form Sinks: GoodSink: validate loop variable BadSink : loop variable not validated Flow Variant: 52 Data flow: data passed as an argument from one method to a...
-
CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: Set data to a hardcoded class name Sinks: BadSink : Instantiate class named in data Flow Variant: 75 Data fl...
-
CWE: 400 Resource Exhaustion BadSource: connect_tcp Read count using an outbound tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: GoodSink: Validate count before using it as a parameter in sleep function BadSink : Use count as the parameter for sleep with...
-
CWE: 400 Resource Exhaustion BadSource: PropertiesFile Read count from a .properties file (in property named data) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: write GoodSink: Write to a file count number of times, but first validate count BadSink : Write to a file ...
-
CWE: 400 Resource Exhaustion BadSource: connect_tcp Read count using an outbound tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: write GoodSink: Write to a file count number of times, but first validate count BadSink : Write to a file count number of tim...
-
CWE: 369 Divide by zero BadSource: zero Set data to a hardcoded value of zero GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: divide GoodSink: Check for zero before dividing BadSink : Dividing by a value that may be zero Flow Variant: 73 Data flow: data passed in a Li...
-
CWE: 329 Not using random IV with CBC Mode Sinks: GoodSink: use random iv BadSink : use hardcoded iv Flow Variant: 17 Control flow: for loops
-
CWE: 197 Numeric Truncation Error BadSource: database Read data from a database GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: to_byte Convert data to a byte Flow Variant: 13 Control flow: if(IO.STATIC_FINAL_FIVE==5) and if(IO.STATIC_FINAL_FIVE!=5)
-
CWE: 191 Integer Underflow BadSource: rand Set data to result of rand() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cause an Underflow Flow...
-
CWE: 191 Integer Underflow BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multi...
-
CWE: 191 Integer Underflow BadSource: rand Set data to result of rand() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multiply by 2, which can cause a...
-
CWE: 190 Integer Overflow BadSource: random Set data to a random value GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multiply by 2, which can cause an ...