Displaying test cases 19626 - 19650 of 32356 in total
- CWE: 190 Integer Overflow BadSource: max Set data to the max value for short GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant: 1...
- CWE: 190 Integer Overflow BadSource: Property Read data from a system property GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cause an overflow Flow Variant:...
- CWE: 190 Integer Overflow BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: add GoodSink: Ensure there will not be an overflow before adding 1 to data BadSink : Add 1 to data, which can cau...
- The software uses external input to construct a pathname that should be within a restricted directory, but it does not neutralize absolute path sequences such as '/abs/path' that can resolve to a location that is outside of that directory. This test takes in a filename to read. Since the provided...
- This test takes a string, gets the first character, and uses a recursive method to look for the index of the second occurrence of that character. If the character does not appear a second time, it will recurse indefinitely. Metadata - Base program: Elastic Search - Source Taint: FILE_CONTENTS ...
- This test takes in a value passed as an argument. This value is originally signed, but is converted to unsigned when stored in a char. This value is then used to index an allocated array with a signed value. Metadata - Base program: Coffee MUD - Source Taint: FILE_CONTENTS - Data Type: VOID_...
- This test takes user input for the size of an array to be allocated. If the array fails to allocate, an exception is caught, but no action is taken, resulting in a subsequent exception. Metadata - Base program: Apache Lucene - Source Taint: ENVIRONMENT_VARIABLE - Data Type: VOID_POINTER - Da...
- CWE: 89 SQL Injection BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: executeBatch GoodSink: Use prepared statement and executeBatch (properly) BadSink : data concatenated into SQL statement used in executeBatch(), wh...
- CWE: 78 OS Command Injection BadSource: console_readLine Read data from the console using readLine() GoodSource: A hardcoded string Sinks: exec BadSink : dynamic command execution with Runtime.getRuntime().exec() Flow Variant: 73 Data flow: data passed in a LinkedList from one method to anot...
- CWE: 789 Uncontrolled Memory Allocation BadSource: Property Read data from a system property GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: HashMap BadSink : Create a HashMap using data as the initial size Flow Variant: 52 Data flow: data passed as an argument from on...
- CWE: 789 Uncontrolled Memory Allocation BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: HashMap Create a HashMap using data as the initial size Flow Variant: 02 Control flow: if(true)...
- CWE: 789 Uncontrolled Memory Allocation BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: HashSet BadSink : Create a HashSet using data as the initial size Flow Variant: 81 Data flow: data passed in a ...
- CWE: 690 Unchecked return value is null, leading to a null pointer dereference. BadSource: getParameter_Servlet Set data to return of getParameter_Servlet GoodSource: Set data to fixed, non-null String Sinks: equals GoodSink: Call equals() on string literal (that is not null) BadSink : Call ...
- CWE: 681 Incorrect Conversion Between Numeric Types Sinks: double2float GoodSink: check for conversion error BadSink : explicit cast Flow Variant: 02 Control flow: if(true) and if(false)
- CWE: 643 Xpath Injection BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: GoodSink: validate input through StringEscapeUtils BadSink : user input is used without validation Flow Variant: 08 Control flow: if(privateRetur...
- CWE: 601 Open Redirect BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded string BadSink: place redirect string directly into redirect api call Flow Variant: 68 Data flow: data passed as a member variable in the a class, which is used by a method in another class...
- CWE: 563 Unused Variable BadSource: Initialize data GoodSource: Initialize and use data Sinks: GoodSink: Use data BadSink : re-initialize and use data Flow Variant: 12 Control flow: if(IO.staticReturnsTrueOrFalse())
- CWE: 470 Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: Set data to a hardcoded class name BadSink: Instantiate class named in data Flow Variant: 41 Data flow: d...
- CWE: 369 Divide by zero BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: modulo GoodSink: Check for zero before modulo BadSink : Modulo by a value that may be zero Flow Variant: 67 Data flow: data passed ...
- CWE: 369 Divide by zero BadSource: Property Read data from a system property GoodSource: A hardcoded non-zero number (two) Sinks: divide GoodSink: Check for zero before dividing BadSink : Dividing by a value that may be zero Flow Variant: 41 Data flow: data passed as an argument from one me...
- CWE: 23 Relative Path Traversal BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: readFile BadSink : no validation Flow Variant: 71 Data flow: data passed as an Object reference argument from one method to another in different classes in the ...
- CWE: 197 Numeric Truncation Error BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: to_short Convert data to a short Flow Variant: 68 Data flow: data passed as a member variable in the ...
- CWE: 191 Integer Underflow BadSource: min Set data to the max value for long GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an underflow before multiplying data by 2 BadSink : If data is negative, multiply by 2, which can ca...
- CWE: 191 Integer Underflow BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can...
- CWE: 191 Integer Underflow BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: sub GoodSink: Ensure there will not be an underflow before subtracting 1 from data BadSink : Subtract 1 from data, which can cau...