CWE: 190 Integer Overflow BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multiply by 2,...

CWE: 190 Integer Overflow BadSource: Property Read data from a system property GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an overflow before multiplying data by 2 BadSink : If data is positive, multiply by 2, which can c...

CWE: 190 Integer Overflow BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: square GoodSink: Ensure there will not be an overflow before squaring data BadSink : Square data, which can lead to overflow Flow Variant:...

CWE: 15 External Control of System or Configuration Setting BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded string BadSink: Set the catalog name with the value of data Flow Variant: 41 Data flow: data passed as an argument from one method to an...

CWE: 134 Uncontrolled Format String BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded string Sinks: printf GoodSink: dynamic printf format with string defined BadSink : dynamic printf without validation Flow Variant: 05 Control flow: if(privateT...

CWE: 134 Uncontrolled Format String BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: format GoodSink: dynamic formatted stdout with string defined BadSink : dynamic formatted stdout without validation Flow Variant: 45 Data flow: data pas...

CWE: 134 Uncontrolled Format String BadSource: console_readLine Read data from the console using readLine() GoodSource: A hardcoded string Sinks: printf GoodSink: dynamic printf format with string defined BadSink : dynamic printf without validation Flow Variant: 05 Control flow: if(privateT...

CWE: 134 Uncontrolled Format String BadSource: Environment Read data from an environment variable GoodSource: A hardcoded string Sinks: printf GoodSink: dynamic printf format with string defined BadSink : dynamic printf without validation Flow Variant: 61 Data flow: data returned from one m...

CWE: 129 Improper Validation of Array Index BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_write_no_check GoodSink: Write to array after verifying index BadSink : Write to array without any ...

CWE: 129 Improper Validation of Array Index BadSource: Property Read data from a system property GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_no_check GoodSink: Read from array after verifying index BadSink : Read from array without any verification of in...

CWE: 129 Improper Validation of Array Index BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_write_no_check GoodSink: Write to array after verifying index BadSink : Write to array...

CWE: 129 Improper Validation of Array Index BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_max GoodSink: Read from array after verifying index is at least 0 and less t...

CWE: 129 Improper Validation of Array Index BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_min GoodSink: Read from array after verifying that data is at least 0 and less ...

CWE: 129 Improper Validation of Array Index BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_max GoodSink: Read from array after verifying index is at least 0 and less than...

CWE: 129 Improper Validation of Array Index BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_write_no_check GoodSink: Write to array after verifying index BadSink : Write to array without any verification of ...

CWE: 129 Improper Validation of Array Index BadSource: File Read data from file (named c:\data.txt) GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_no_check GoodSink: Read from array after verifying index BadSink : Read from array without any verification of...

CWE: 129 Improper Validation of Array Index BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_max GoodSink: Read from array after verifying index is at least 0 and less than array.length B...

CWE: 129 Improper Validation of Array Index BadSource: Environment Read data from an environment variable GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: array_read_check_max GoodSink: Read from array after verifying index is at least 0 and less than array.length BadSi...

CWE: 113 HTTP Response Splitting BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded string Sinks: setHeaderServlet GoodSink: URLEncode input BadSink : querystring to setHeader() Flow Variant: 72 Data flow: data passed in a Vector from one method ...

CWE: 113 HTTP Response Splitting BadSource: URLConnection Read data from a web server with URLConnection GoodSource: A hardcoded string Sinks: setHeaderServlet GoodSink: URLEncode input BadSink : querystring to setHeader() Flow Variant: 15 Control flow: switch(6) and switch(7)

CWE: 113 HTTP Response Splitting BadSource: Property Read data from a system property GoodSource: A hardcoded string Sinks: setHeaderServlet GoodSink: URLEncode input BadSink : querystring to setHeader() Flow Variant: 31 Data flow: make a copy of data within the same method

CWE: 113 HTTP Response Splitting BadSource: getParameter_Servlet Read data from a querystring using getParameter() GoodSource: A hardcoded string Sinks: addCookieServlet GoodSink: URLEncode input BadSink : querystring to addCookie() Flow Variant: 42 Data flow: data returned from one method ...

CWE: 113 HTTP Response Splitting BadSource: PropertiesFile Read data from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: addHeaderServlet GoodSink: URLEncode input BadSink : querystring to addHeader() Flow Variant: 54 Data flow: data passed as an argument ...

CWE: 113 HTTP Response Splitting BadSource: console_readLine Read data from the console using readLine() GoodSource: A hardcoded string Sinks: addCookieServlet GoodSink: URLEncode input BadSink : querystring to addCookie() Flow Variant: 41 Data flow: data passed as an argument from one meth...

CWE: 113 HTTP Response Splitting BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded string Sinks: addHeaderServlet GoodSink: URLEncode input BadSink : querystring to addHeader() Flow Variant: 03 Control flow: if(5==5) and if(5!=5)