Displaying test cases 8301 - 8325 of 9725 in total
- CWE: 78 OS Command Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Fixed string Sinks: execl BadSink : execute command with wexecl Flow Variant: 83 Data flow: data passed to class constructor and destructor by declaring the class object on the stack
- CWE: 78 OS Command Injection BadSource: environment Read input from an environment variable GoodSource: Fixed string Sink: w32spawnl BadSink : execute command with wspawnl Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())
- CWE: 78 OS Command Injection BadSource: environment Read input from an environment variable GoodSource: Fixed string Sink: w32_spawnv BadSink : execute command with wspawnv Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)
- CWE: 78 OS Command Injection BadSource: console Read input from the console GoodSource: Fixed string Sink: w32_spawnlp BadSink : execute command with wspawnlp Flow Variant: 68 Data flow: data passed as a global variable from one function to another in different source files
- CWE: 78 OS Command Injection BadSource: file Read input from a file GoodSource: Fixed string Sink: w32_execv BadSink : execute command with execv Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)
- CWE: 78 OS Command Injection BadSource: environment Read input from an environment variable GoodSource: Fixed string Sink: w32_execv BadSink : execute command with execv Flow Variant: 08 Control flow: if(staticReturnsTrue()) and if(staticReturnsFalse())
- CWE: 78 OS Command Injection BadSource: console Read input from the console GoodSource: Fixed string Sinks: w32_spawnvp BadSink : execute command with spawnvp Flow Variant: 33 Data flow: use of a C++ reference to data within the same function
- CWE: 90 LDAP Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Use a fixed string Sink: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 54 Data flow: data passed as an argument from one function throu...
- CWE: 90 LDAP Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Use a fixed string Sink: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)
- CWE: 427 Uncontrolled Search Path Element BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Use a hardcoded path Sinks: BadSink : Set the environment variable Flow Variant: 33 Data flow: use of a C++ reference to data within the same function
- CWE: 36 Absolute Path Traversal BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Full path and file name Sinks: open BadSink : Open the file named in data using open() Flow Variant: 66 Data flow: data passed in an array from one function to another in differ...
- CWE: 36 Absolute Path Traversal BadSource: file Read input from a file GoodSource: Full path and file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 64 Data flow: void pointer to data passed from one function to another in different source files
- CWE: 36 Absolute Path Traversal BadSource: environment Read input from an environment variable GoodSource: Full path and file name Sink: open BadSink : Open the file named in data using open() Flow Variant: 68 Data flow: data passed as a global variable from one function to another in differ...
- CWE: 36 Absolute Path Traversal BadSource: environment Read input from an environment variable GoodSource: Full path and file name Sink: open BadSink : Open the file named in data using open() Flow Variant: 52 Data flow: data passed as an argument from one function to another to another in t...
- CWE: 36 Absolute Path Traversal BadSource: environment Read input from an environment variable GoodSource: Full path and file name Sink: ifstream BadSink : Open the file named in data using ifstream::open() Flow Variant: 51 Data flow: data passed as an argument from one function to another i...
- CWE: 36 Absolute Path Traversal BadSource: console Read input from the console GoodSource: Full path and file name Sink: open BadSink : Open the file named in data using open() Flow Variant: 03 Control flow: if(5==5) and if(5!=5)
- CWE: 36 Absolute Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Full path and file name Sink: open BadSink : Open the file named in data using open() Flow Variant: 53 Data flow: data passed as an argument from one function through two othe...
- CWE: 327 Use of a Broken or Risky Cryptographic Algorithm Sinks: RC5 GoodSink: Use AES for decryption BadSink : Use RC5 for decryption Flow Variant: 17 Control flow: for loops
- CWE: 272 Least Privilege Violation Sinks: SHRegCreateUSKey GoodSink: Create a registry key using SHRegCreateUSKeyA() and SHREGSET_HKCU BadSink : Create a registry key using SHRegCreateUSKeyA() and SHREGSET_HKLM Flow Variant: 02 Control flow: if(1) and if(0)
- CWE: 259 Use of Hard-coded Password BadSource: Use a hardcoded password GoodSource: Read the password from the console Sink: BadSink : Authenticate the user using LogonUserW() Flow Variant: 32 Data flow using two pointers to the same value within the same function
- CWE: 23 Relative Path Traversal BadSource: file Read input from a file GoodSource: Use a fixed file name Sink: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 22 Control flow: Flow controlled by value of a global variable. Sink functions are in a separate...
- CWE: 226 Sensitive Information Uncleared Before Release Sinks: alloca GoodSink: Clear the password buffer before releasing the memory from the stack BadSink : Release password from the stack without first clearing the buffer Flow Variant: 16 Control flow: while(1)
- CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: _vsnwprintf with a format string BadSink : _vsnwprintf without a format string Flow Variant: 32 Data flow using two poi...
- CWE: 114 Process Control BadSource: environment Read input from an environment variable GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)
- CWE: 114 Process Control BadSource: environment Read input from an environment variable GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 03 Control flow: if(5==5) and if(5!=5)