CWE: 78 OS Command Injection BadSource: environment Read input from an environment variable GoodSource: Fixed string Sink: w32spawnl BadSink : execute command with wspawnl Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 78 OS Command Injection BadSource: environment Read input from an environment variable GoodSource: Fixed string Sinks: w32_spawnv BadSink : execute command with wspawnv Flow Variant: 33 Data flow: use of a C++ reference to data within the same function

CWE: 78 OS Command Injection BadSource: environment Read input from an environment variable GoodSource: Fixed string Sinks: popen BadSink : Execute command in data using popen() Flow Variant: 62 Data flow: data flows using a C++ reference from one function to another in different source files

CWE: 78 OS Command Injection BadSource: environment Read input from an environment variable GoodSource: Fixed string Sinks: execl BadSink : execute command with wexecl Flow Variant: 83 Data flow: data passed to class constructor and destructor by declaring the class object on the stack

CWE: 78 OS Command Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Fixed string Sinks: w32_spawnvp BadSink : execute command with spawnvp Flow Variant: 83 Data flow: data passed to class constructor and destructor by declaring the class object on ...

CWE: 78 OS Command Injection BadSource: console Read input from the console GoodSource: Fixed string Sink: w32_spawnlp BadSink : execute command with spawnlp Flow Variant: 53 Data flow: data passed as an argument from one function through two others to a fourth; all four functions are in dif...

CWE: 90 LDAP Injection BadSource: file Read input from a file GoodSource: Use a fixed string Sinks: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 66 Data flow: data passed in an array from one function to another in different source files

CWE: 90 LDAP Injection BadSource: environment Read input from an environment variable GoodSource: Use a fixed string Sink: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 15 Control flow: switch(6)

CWE: 785 Path Manipulation Function Without Max Sized Buffer Sinks: GoodSink: Ensure the path parameter is MAX_PATH BadSink : Use PathAppend() with a buffer that is less than MAX_PATH Flow Variant: 16 Control flow: while(1)

CWE: 785 Path Manipulation Function Without Max Sized Buffer Sinks: GoodSink: Ensure the path parameter is MAX_PATH BadSink : Use PathAppend() with a buffer that is less than MAX_PATH Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)

CWE: 675 Duplicate Operations on Resource BadSource: Open and close a file using CreateFile() and CloseHandle() GoodSource: Open a file using CreateFile() Sinks: GoodSink: Do nothing BadSink : Close the file Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)

CWE: 36 Absolute Path Traversal BadSource: environment Read input from an environment variable GoodSource: Full path and file name Sinks: open BadSink : Open the file named in data using open() Flow Variant: 65 Data/control flow: data passed as an argument from one function to a function in ...

CWE: 36 Absolute Path Traversal BadSource: console Read input from the console GoodSource: Full path and file name Sink: open BadSink : Open the file named in data using open() Flow Variant: 52 Data flow: data passed as an argument from one function to another to another in three different s...

CWE: 328 Reversible One Way Hash Sinks: SHA1 GoodSink: Use SHA-512 as a hashing algorithm BadSink : Use SHA1 as a hashing algorithm Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)

CWE: 327 Use of a Broken or Risky Cryptographic Algorithm Sinks: DES GoodSink: Use AES for decryption BadSink : Use DES for decryption Flow Variant: 18 Control flow: goto statements

CWE: 325 Missing Required Cryptographic Step Sinks: CryptHashData GoodSink: All required cryptographic steps are present BadSink : Missing call to CryptHashData() Flow Variant: 01 Baseline

CWE: 284 Improper Access Control Sinks: CreateWindowStation GoodSink: Create a windows station using CreateWindowStationW() without excessive privileges BadSink : Create a windows station using CreateWindowStationW() with excessive privileges Flow Variant: 12 Control flow: if(globalReturnsTru...

CWE: 272 Least Privilege Violation Sinks: RegOpenKeyEx GoodSink: Open a registry key using RegOpenKeyExW() and HKEY_CURRENT_USER BadSink : Open a registry key using RegOpenKeyExW() and HKEY_LOCAL_MACHINE Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)

CWE: 256 Plaintext Storage of Password BadSource: Read the password from a file GoodSource: Read the password from a file and decrypt it Sinks: GoodSink: Decrypt the password then authenticate the user using LogonUserA() BadSink : Authenticate the user using LogonUserA() Flow Variant: 05 C...

CWE: 23 Relative Path Traversal BadSource: environment Read input from an environment variable GoodSource: Use a fixed file name Sink: open BadSink : Open the file named in data using open() Flow Variant: 17 Control flow: for loops

CWE: 23 Relative Path Traversal BadSource: console Read input from the console GoodSource: Use a fixed file name Sink: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 54 Data flow: data passed as an argument from one function through three others to a fif...

CWE: 15 External Control of System or Configuration Setting BadSource: Get the hostname from a network socket GoodSource: Get the hostname from a string literal Sinks: BadSink : Set the hostname Flow Variant: 64 Data flow: void pointer to data passed from one function to another in differen...

CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: _vsnwprintf with a format string BadSink : _vsnwprintf without a format string Flow Variant: 21 Control flow: Flow controlled by value ...

CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: vsnprintf with a format string BadSink : vsnprintf without a format string Flow Variant: 13 Control flow: if(GLOBAL_CON...

CWE: 114 Process Control BadSource: relativePath Hard code the relative pathname to the library GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)