Displaying test cases 7926 - 7950 of 9725 in total
- CWE: 90 LDAP Injection BadSource: environment Read input from an environment variable GoodSource: Use a fixed string Sink: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_CONST_FIVE!=5)
- CWE: 90 LDAP Injection BadSource: console Read input from the console GoodSource: Use a fixed string Sink: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 41 Data flow: data passed as an argument from one function to another in the same source...
- CWE: 78 OS Command Injection BadSource: file Read input from a file GoodSource: Fixed string Sinks: system BadSink : Execute command in data using system() Flow Variant: 81 Data flow: data passed in a parameter to a virtual method called via a reference
- CWE: 773 Missing Reference to Active File Descriptor or Handle BadSource: Create a file handle using CreateFile() Sinks: GoodSink: Close the file handle before reusing it BadSink : Reassign the file handle before closing it Flow Variant: 16 Control flow: while(1)
- CWE: 675 Duplicate Operations on Resource BadSource: Open and close a file using CreateFile() and CloseHandle() GoodSource: Open a file using CreateFile() Sinks: GoodSink: Do nothing BadSink : Close the file Flow Variant: 54 Data flow: data passed as an argument from one function through t...
- CWE: 615 Information Exposure by Comment Sinks: GoodSink: Do not place username and password in comment BadSink : Information exposure by comment Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())
- CWE: 591 Sensitive Data Storage in Improperly Locked Memory BadSource: Allocate memory for sensitive data without using VirtualLock() to lock the buffer into memory GoodSource: Allocate memory for sensitive data and use VirtualLock() to lock the buffer into memory Sink: BadSink : Authenticat...
- CWE: 591 Sensitive Data Storage in Improperly Locked Memory BadSource: Allocate memory for sensitive data without using VirtualLock() to lock the buffer into memory GoodSource: Allocate memory for sensitive data and use VirtualLock() to lock the buffer into memory Sink: BadSink : Authenticat...
- CWE: 404 Improper Resource Shutdown or Release BadSource: Open a file using open() Sinks: w32CloseHandle GoodSink: Close the file using close() BadSink : Close the file using CloseHandle Flow Variant: 42 Data flow: data returned from one function to another in the same source file
- CWE: 404 Improper Resource Shutdown or Release BadSource: fopen Open a file using fopen() Sinks: w32CloseHandle GoodSink: Close the file using fclose() BadSink : Close the file using CloseHandle Flow Variant: 08 Control flow: if(staticReturnsTrue()) and if(staticReturnsFalse())
- CWE: 36 Absolute Path Traversal BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Full path and file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 64 Data flow: void pointer to data passed from one function t...
- CWE: 36 Absolute Path Traversal BadSource: environment Read input from an environment variable GoodSource: Full path and file name Sink: open BadSink : Open the file named in data using open() Flow Variant: 01 Baseline
- CWE: 36 Absolute Path Traversal BadSource: environment Read input from an environment variable GoodSource: Full path and file name Sink: ifstream BadSink : Open the file named in data using ifstream::open() Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)
- CWE: 36 Absolute Path Traversal BadSource: environment Read input from an environment variable GoodSource: Full path and file name Sink: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 52 Data flow: data passed as an argument from one function to another ...
- CWE: 36 Absolute Path Traversal BadSource: console Read input from the console GoodSource: Full path and file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 31 Data flow using a copy of data within the same function
- CWE: 36 Absolute Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Full path and file name Sink: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 16 Control flow: while(1)
- CWE: 284 Improper Access Control Sinks: CreateFile GoodSink: Create a file using CreateFileA() without excessive privileges BadSink : Create a file using CreateFileA() with excessive privileges Flow Variant: 17 Control flow: for loops
- CWE: 272 Least Privilege Violation Sinks: RegCreateKeyEx GoodSink: Create a registry key using RegCreateKeyExA() and HKEY_CURRENT_USER BadSink : Create a registry key using RegCreateKeyExA() and HKEY_LOCAL_MACHINE Flow Variant: 02 Control flow: if(1) and if(0)
- CWE: 23 Relative Path Traversal BadSource: file Read input from a file GoodSource: Use a fixed file name Sinks: fopen BadSink : Open the file named in data using fopen() Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (within the same function)
- CWE: 23 Relative Path Traversal BadSource: environment Read input from an environment variable GoodSource: Use a fixed file name Sinks: ofstream BadSink : Open the file named in data using ofstream::open() Flow Variant: 81 Data flow: data passed in a parameter to a virtual method called via ...
- CWE: 23 Relative Path Traversal BadSource: environment Read input from an environment variable GoodSource: Use a fixed file name Sink: ifstream BadSink : Open the file named in data using ifstream::open() Flow Variant: 32 Data flow using two pointers to the same value within the same function
- CWE: 23 Relative Path Traversal BadSource: console Read input from the console GoodSource: Use a fixed file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 84 Data flow: data passed to class constructor and destructor by declaring the class ob...
- CWE: 176 Improper Handling of Unicode Encoding BadSource: Initialize data as a large unicode string GoodSource: Initialize data as a small unicode string Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant...
- CWE: 114 Process Control BadSource: relativePath Hard code the relative pathname to the library GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 32 Data flow using two pointers to the same value within the same function
- CWE: 114 Process Control BadSource: relativePath Hard code the relative pathname to the library GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 03 Control flow: if(5==5) and if(5!=5)