Displaying test cases 3651 - 3675 of 9725 in total
- CWE: 78 OS Command Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Fixed string Sinks: w32_spawnlp BadSink : execute command with wspawnlp Flow Variant: 63 Data flow: pointer to data passed from one function to another in different source files
- CWE: 78 OS Command Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Fixed string Sinks: w32spawnl BadSink : execute command with wspawnl Flow Variant: 64 Data flow: void pointer to data passed from one function to another in different source files
- CWE: 78 OS Command Injection BadSource: file Read input from a file GoodSource: Fixed string Sinks: w32_spawnvp BadSink : execute command with wspawnvp Flow Variant: 33 Data flow: use of a C++ reference to data within the same function
- CWE: 78 OS Command Injection BadSource: console Read input from the console GoodSource: Fixed string Sink: w32_spawnvp BadSink : execute command with wspawnvp Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)
- CWE: 78 OS Command Injection BadSource: file Read input from a file GoodSource: Fixed string Sinks: w32spawnl BadSink : execute command with spawnl Flow Variant: 72 Data flow: data passed in a vector from one function to another in different source files
- CWE: 78 OS Command Injection BadSource: environment Read input from an environment variable GoodSource: Fixed string Sinks: w32_spawnv BadSink : execute command with spawnv Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (within the same function)
- CWE: 90 LDAP Injection BadSource: file Read input from a file GoodSource: Use a fixed string Sink: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 18 Control flow: goto statements
- CWE: 606 Unchecked Input For Loop Condition BadSource: environment Read input from an environment variable GoodSource: Input a number less than MAX_LOOP Sinks: GoodSink: Use data as the for loop variant after checking to see if it is less than MAX_LOOP BadSink : Use data as the for loop vari...
- CWE: 506 Embedded Malicious Code Sinks: file_attrib_created GoodSink: Do not modify the files created time attribute BadSink : Modify the files created time attribute Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)
- CWE: 404 Improper Resource Shutdown or Release BadSource: Open a file using CreateFile() Sinks: fclose GoodSink: Close the file using CloseHandle() BadSink : Close the file using fclose() Flow Variant: 22 Control flow: Flow controlled by value of a global variable. Sink functions are in a s...
- CWE: 404 Improper Resource Shutdown or Release BadSource: fopen Open a file using fopen() Sinks: w32_close GoodSink: Close the file using fclose() BadSink : Close the file using close() Flow Variant: 65 Data/control flow: data passed as an argument from one function to a function in a differ...
- CWE: 36 Absolute Path Traversal BadSource: environment Read input from an environment variable GoodSource: Full path and file name Sink: ofstream BadSink : Open the file named in data using ofstream::open() Flow Variant: 52 Data flow: data passed as an argument from one function to another t...
- CWE: 36 Absolute Path Traversal BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Full path and file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 82 Data flow: data passed in a parameter to a virtual method ...
- CWE: 327 Use of a Broken or Risky Cryptographic Algorithm Sinks: DES GoodSink: Use AES for decryption BadSink : Use DES for decryption Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)
- CWE: 321 Use of Hard-coded Cryptographic Key BadSource: Copy a hardcoded value into cryptoKey GoodSource: Read cryptoKey from the console Sink: BadSink : Hash cryptoKey and use the value to encrypt a string Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)
- CWE: 272 Least Privilege Violation Sinks: RegOpenKeyEx GoodSink: Open a registry key using RegOpenKeyExA() and HKEY_CURRENT_USER BadSink : Open a registry key using RegOpenKeyExA() and HKEY_LOCAL_MACHINE Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)
- CWE: 23 Relative Path Traversal BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Use a fixed file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 64 Data flow: void pointer to data passed from one function to ...
- CWE: 23 Relative Path Traversal BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Use a fixed file name Sink: open BadSink : Open the file named in data using open() Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)
- CWE: 23 Relative Path Traversal BadSource: file Read input from a file GoodSource: Use a fixed file name Sink: open BadSink : Open the file named in data using open() Flow Variant: 03 Control flow: if(5==5) and if(5!=5)
- CWE: 23 Relative Path Traversal BadSource: environment Read input from an environment variable GoodSource: Use a fixed file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 63 Data flow: pointer to data passed from one function to another in di...
- CWE: 23 Relative Path Traversal BadSource: environment Read input from an environment variable GoodSource: Use a fixed file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 62 Data flow: data flows using a C++ reference from one function to ano...
- CWE: 23 Relative Path Traversal BadSource: console Read input from the console GoodSource: Use a fixed file name Sink: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 04 Control flow: if(STATIC_CONST_TRUE) and if(STATIC_CONST_FALSE)
- CWE: 134 Uncontrolled Format String BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: _vsnwprintf with a format string BadSink : _vsnwprintf without a format string Flow Variant: 54 Data flow: data...
- CWE: 114 Process Control BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Hard code the full pathname to the library Sinks: BadSink : Load a dynamic link library Flow Variant: 45 Data flow: data passed as a static global variable from one function to another...
- CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_CONST_FIVE!=5)