CWE: 284 Improper Access Control Sinks: CreateNamedPipe GoodSink: Create a windows pipe using CreateNamedPipeW() ensuring that the pipe wont be created over an existing one BadSink : Create a windows pipe using CreateNamedPipeW() potentially allowing the pipe to be created over an existing one...

CWE: 284 Improper Access Control Sinks: CreateDesktop GoodSink: Create a desktop using CreateDesktopW() without excessive privileges BadSink : Create a desktop using CreateDesktopW() with excessive privileges Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 284 Improper Access Control Sinks: CreateNamedPipe GoodSink: Create a windows pipe using CreateNamedPipeA() ensuring that the pipe wont be created over an existing one BadSink : Create a windows pipe using CreateNamedPipeA() potentially allowing the pipe to be created over an existing one...

CWE: 273 Improper Check for Dropped Privileges Sinks: RpcImpersonateClient GoodSink: Check the return value of RpcImpersonateClient() and handle it properly BadSink : Do not check if RpcImpersonateClient() fails Flow Variant: 17 Control flow: for loops

CWE: 272 Least Privilege Violation Sinks: SHRegCreateUSKey GoodSink: Create a registry key using SHRegCreateUSKeyW() and SHREGSET_HKCU BadSink : Create a registry key using SHRegCreateUSKeyW() and SHREGSET_HKLM Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())

CWE: 272 Least Privilege Violation Sinks: CreateProcessAsUser GoodSink: Create a process using CreateProcessAsUserW() with quotes for the executable path BadSink : Create a process using CreateProcessAsUserW() without quotes for the executable path Flow Variant: 09 Control flow: if(GLOBAL_CON...

CWE: 272 Least Privilege Violation Sinks: CreateProcess GoodSink: Create a process using CreateProcessA() with quotes for the executable path BadSink : Create a process using CreateProcessA() without quotes for the executable path Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 272 Least Privilege Violation Sinks: CreateProcessAsUser GoodSink: Create a process using CreateProcessAsUserA() with quotes for the executable path BadSink : Create a process using CreateProcessAsUserA() without quotes for the executable path Flow Variant: 13 Control flow: if(GLOBAL_CON...

CWE: 256 Plaintext Storage of Password BadSource: Read the password from a file GoodSource: Read the password from a file and decrypt it Sinks: GoodSink: Decrypt the password then authenticate the user using LogonUserW() BadSink : Authenticate the user using LogonUserW() Flow Variant: 84 D...

CWE: 253 Incorrect Check of Return Value Sinks: w32CreateMutex GoodSink: Correctly check if CreateMutexW() failed BadSink : Incorrectly check if CreateMutexW() failed Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())

CWE: 252 Unchecked Return Value Sinks: GoodSink: Check the return value of ImpersonateSelf() and handle it properly BadSink : Do not check if ImpersonateSelf() fails Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)

CWE: 23 Relative Path Traversal BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Use a fixed file name Sinks: open BadSink : Open the file named in data using open() Flow Variant: 72 Data flow: data passed in a vector from one function to another in differen...

CWE: 23 Relative Path Traversal BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Use a fixed file name Sink: open BadSink : Open the file named in data using open() Flow Variant: 16 Control flow: while(1)

CWE: 23 Relative Path Traversal BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Use a fixed file name Sink: fopen BadSink : Open the file named in data using fopen() Flow Variant: 17 Control flow: for loops

CWE: 23 Relative Path Traversal BadSource: file Read input from a file GoodSource: Use a fixed file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (within the same...

CWE: 23 Relative Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Use a fixed file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 81 Data flow: data passed in a parameter to a virtual method ...

CWE: 23 Relative Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Use a fixed file name Sink: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 53 Data flow: data passed as an argument from one function thr...

CWE: 134 Uncontrolled Format String BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snwprintf with %s as the third argument and data as the fourth BadSink : snwprintf with data as the third argument F...

CWE: 134 Uncontrolled Format String BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: vsnprintf with a format string BadSink : vsnprintf without a format string Flow Variant: 62 Data flow: data flo...

CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: vsnprintf with a format string BadSink : vsnprintf without a format string Flow Variant: 17 Control flow: for loops

CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: vsnprintf with a format string BadSink : vsnprintf without a format string Flow Variant: 09 Control flow: if(...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: snprintf BadSink : Copy data to string using snprintf Flow Variant: 62 Data flow: data flows using a C++ reference from one function to another in different ...

CWE: 114 Process Control BadSource: environment Read input from an environment variable GoodSource: Hard code the full pathname to the library Sinks: BadSink : Load a dynamic link library Flow Variant: 31 Data flow using a copy of data within the same function

CWE: 114 Process Control BadSource: console Read input from the console GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)

CWE: 114 Process Control BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Hard code the full pathname to the library Sinks: BadSink : Load a dynamic link library Flow Variant: 67 Data flow: data passed in a struct from one function to another in different so...