Displaying test cases 3851 - 3875 of 9725 in total
- CWE: 78 OS Command Injection BadSource: console Read input from the console GoodSource: Fixed string Sink: w32spawnl BadSink : execute command with wspawnl Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)
- CWE: 78 OS Command Injection BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Fixed string Sink: w32_spawnv BadSink : execute command with wspawnv Flow Variant: 52 Data flow: data passed as an argument from one function to another to another in three diffe...
- CWE: 78 OS Command Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Fixed string Sink: w32_execvp BadSink : execute command with execvp Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)
- CWE: 78 OS Command Injection BadSource: file Read input from a file GoodSource: Fixed string BadSink : execute command with spawnl Flow Variant: 82 Data flow: data passed in a parameter to a virtual method called via a pointer
- CWE: 244 Failure to Clear Heap Before Release (Heap Inspection) Sinks: realloc GoodSink: Clear the password buffer before reallocating it BadSink : Reallocate buffer containing password without first clearing the buffer Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)
- CWE: 90 LDAP Injection BadSource: environment Read input from an environment variable GoodSource: Use a fixed string Sinks: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 67 Data flow: data passed in a struct from one function to another in d...
- CWE: 90 LDAP Injection BadSource: console Read input from the console GoodSource: Use a fixed string Sink: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)
- CWE: 591 Sensitive Data Storage in Improperly Locked Memory BadSource: Allocate memory for sensitive data without using VirtualLock() to lock the buffer into memory GoodSource: Allocate memory for sensitive data and use VirtualLock() to lock the buffer into memory Sinks: BadSink : Authentica...
- CWE: 404 Improper Resource Shutdown or Release BadSource: fopen Open a file using fopen() Sinks: w32_close GoodSink: Close the file using fclose() BadSink : Close the file using close() Flow Variant: 32 Data flow: two pointers to the same value within the same function
- CWE: 36 Absolute Path Traversal BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Full path and file name Sink: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 02 Control flow: if(1) and if(0)
- CWE: 325 Missing Required Cryptographic Step Sinks: CryptCreateHash GoodSink: All required cryptographic steps are present BadSink : Missing call to CryptCreateHash() Flow Variant: 18 Control flow: goto statements
- CWE: 325 Missing Required Cryptographic Step Sinks: CryptCreateHash GoodSink: All required cryptographic steps are present BadSink : Missing call to CryptCreateHash() Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)
- CWE: 321 Use of Hard-coded Cryptographic Key BadSource: Copy a hardcoded value into cryptoKey GoodSource: Read cryptoKey from the console Sink: BadSink : Hash cryptoKey and use the value to encrypt a string Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)
- CWE: 253 Incorrect Check of Return Value Sinks: w32ImpersonateNamedPipeClient GoodSink: Correctly check if ImpersonateNamedPipeClient() failed BadSink : Incorrectly check if ImpersonateNamedPipeClient() failed Flow Variant: 04 Control flow: if(STATIC_CONST_TRUE) and if(STATIC_CONST_FALSE)
- CWE: 253 Incorrect Check of Return Value Sinks: w32CreateNamedPipe GoodSink: Correctly check if CreateNamedPipeA() failed BadSink : Incorrectly check if CreateNamedPipeA() failed Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_CONST_FIVE!=5)
- CWE: 23 Relative Path Traversal BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Use a fixed file name Sink: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 08 Control flow: if(staticReturnsTrue()) and if(staticReturnsFal...
- CWE: 23 Relative Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Use a fixed file name Sinks: fopen BadSink : Open the file named in data using fopen() Flow Variant: 74 Data flow: data passed in a map from one function to another in differe...
- CWE: 23 Relative Path Traversal BadSource: file Read input from a file GoodSource: Use a fixed file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 65 Data/control flow: data passed as an argument from one function to a function in a different...
- CWE: 176 Improper Handling of Unicode Encoding BadSource: Initialize data as a large unicode string GoodSource: Initialize data as a small unicode string Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant...
- CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: _vsnwprintf with a format string BadSink : _vsnwprintf without a format string Flow Variant: 53 Data flow: data passed ...
- CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: vfprintf GoodSink: vfwprintf with a format string BadSink : vfwprintf without a format string Flow Variant: 72 Data flow: data passed in a vect...
- CWE: 114 Process Control BadSource: file Read input from a file GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)
- CWE: 114 Process Control BadSource: console Read input from the console GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)
- CWE: 114 Process Control BadSource: relativePath Hard code the relative pathname to the library GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())
- CWE: 114 Process Control BadSource: file Read input from a file GoodSource: Hard code the full pathname to the library Sinks: BadSink : Load a dynamic link library Flow Variant: 33 Data flow: use of a C++ reference to data within the same function