CWE: 190 Integer Overflow BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow F...

CWE: 190 Integer Overflow BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is posi...

CWE: 134 Uncontrolled Format String BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded string Sinks: format GoodSink: dynamic formatted stdout with string defined BadSink : dynamic formatted stdout without validation Flow Variant: 74 Data flow: d...

CWE: 134 Uncontrolled Format String BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: format GoodSink: dynamic formatted stdout with string defined BadSink : dynamic formatted stdout without validation Flow Variant: 81 Data flow: data pas...

CWE: 134 Uncontrolled Format String BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: printf GoodSink: dynamic printf format with string defined BadSink : dynamic printf without validation Flow Variant: 12 Control flow: if(IO.staticReturnsTrueOrFalse())

CWE: 134 Uncontrolled Format String BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: printf GoodSink: dynamic printf format with string defined BadSink : dynamic printf without validation Flow Variant: 74 Data flow: d...

CWE: 129 Improper Validation of Array Index BadSource: random Set data to a random value GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_write_no_check GoodSink: Write to array after verifying index BadSink : Write to array without any verification of index Flow...

CWE: 129 Improper Validation of Array Index BadSource: negative_fixed Set data to a negative value GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_no_check GoodSink: Read from array after verifying index BadSink : Read from array without any verification of ...

CWE: 129 Improper Validation of Array Index BadSource: negative_fixed Set data to a negative value GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_no_check GoodSink: Read from array after verifying index BadSink : Read from array without any verification of ...

CWE: 129 Improper Validation of Array Index BadSource: Property Read data from a system property GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_write_no_check GoodSink: Write to array after verifying index BadSink : Write to array without any verification of ind...

CWE: 129 Improper Validation of Array Index BadSource: Property Read data from a system property GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_min GoodSink: Read from array after verifying that data is at least 0 and less than array.length BadSink : ...

CWE: 129 Improper Validation of Array Index BadSource: Property Read data from a system property GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_max GoodSink: Read from array after verifying index is at least 0 and less than array.length BadSink : Read...

CWE: 129 Improper Validation of Array Index BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_size GoodSink: data is used to set the size of the array and it must be greater than 0 ...

CWE: 129 Improper Validation of Array Index BadSource: large_fixed Set data to a value greater than the size of the array GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_write_no_check GoodSink: Write to array after verifying index BadSink : Write to array withou...

CWE: 129 Improper Validation of Array Index BadSource: getCookies_Servlet Read data from the first cookie using getCookies() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_min GoodSink: Read from array after verifying that data is at least 0 and less t...

CWE: 129 Improper Validation of Array Index BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_write_no_check GoodSink: Write to array after verifying index BadSink : Write to array without any verification of ...

CWE: 129 Improper Validation of Array Index BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_write_no_check GoodSink: Write to array after verifying index BadSink : Write to array without any verification of ...

CWE: 129 Improper Validation of Array Index BadSource: Environment Read data from an environment variable GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_write_no_check GoodSink: Write to array after verifying index BadSink : Write to array without any verificati...

CWE: 129 Improper Validation of Array Index BadSource: Environment Read data from an environment variable GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_write_no_check GoodSink: Write to array after verifying index BadSink : Write to array without any verificati...

CWE: 129 Improper Validation of Array Index BadSource: database Read data from a database GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_min GoodSink: Read from array after verifying that data is at least 0 and less than array.length BadSink : Read fr...

CWE: 129 Improper Validation of Array Index BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_write_no_check GoodSink: Write to array after verifying index BadSink : Write to array without any ve...

CWE: 114 Process Control Sinks: GoodSink: use System.load() to load a library BadSink : use System.loadLibrary() to load a library Flow Variant: 13 Control flow: if(IO.STATIC_FINAL_FIVE==5) and if(IO.STATIC_FINAL_FIVE!=5)

CWE: 113 HTTP Response Splitting BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded string Sinks: addHeaderServlet GoodSink: URLEncode input BadSink : querystring to addHeader() Flow Variant: 07 Control flow: if(privateFive==5) and if(privateFive...

CWE: 113 HTTP Response Splitting BadSource: database Read data from a database GoodSource: A hardcoded string Sinks: addHeaderServlet GoodSink: URLEncode input BadSink : querystring to addHeader() Flow Variant: 52 Data flow: data passed as an argument from one method to another to another i...

CWE: 113 HTTP Response Splitting BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: setHeaderServlet GoodSink: URLEncode input BadSink : querystring to setHeader() Flow Variant: 52 Data flow: data passed as an argument from one method to anot...