Displaying test cases 8451 - 8475 of 9725 in total
- CWE: 328 Reversible One Way Hash Sinks: MD5 GoodSink: Use SHA-512 as a hashing algorithm BadSink : Use MD5 as a hashing algorithm Flow Variant: 17 Control flow: for loops
- CWE: 319 Cleartext Transmission of Sensitive Information BadSource: connect_socket Read the password using a connect socket (client side) GoodSource: Use a hardcoded password (one that was not sent over the network) Sinks: GoodSink: Decrypt the password before using it in an authentication AP...
- CWE: 319 Cleartext Transmission of Sensitive Information BadSource: connect_socket Read the password using a connect socket (client side) GoodSource: Use a hardcoded password (one that was not sent over the network) Sinks: GoodSink: Decrypt the password before using it in an authentication AP...
- CWE: 284 Improper Access Control Sinks: SHRegCreateUSKey GoodSink: Create a registry key using SHRegCreateUSKeyW() without excessive privileges BadSink : Create a registry key using SHRegCreateUSKeyW() with excessive privileges Flow Variant: 04 Control flow: if(STATIC_CONST_TRUE) and if(STATI...
- CWE: 272 Least Privilege Violation Sinks: SHRegOpenUSKey GoodSink: Open a registry key using SHRegOpenUSKeyW() and HKEY_CURRENT_USER BadSink : Open a registry key using SHRegOpenUSKeyW() and HKEY_LOCAL_MACHINE Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)
- CWE: 272 Least Privilege Violation Sinks: CreateProcessAsUser GoodSink: Create a process using CreateProcessAsUserA() with quotes for the executable path BadSink : Create a process using CreateProcessAsUserA() without quotes for the executable path Flow Variant: 07 Control flow: if(staticFive...
- CWE: 272 Least Privilege Violation Sinks: CreateProcessAsUser GoodSink: Create a process using CreateProcessAsUserA() with quotes for the executable path BadSink : Create a process using CreateProcessAsUserA() without quotes for the executable path Flow Variant: 04 Control flow: if(STATIC_CON...
- CWE: 259 Use of Hard-coded Password BadSource: Use a hardcoded password GoodSource: Read the password from the console Sinks: BadSink : Authenticate the user using LogonUserW() Flow Variant: 72 Data flow: data passed in a vector from one function to another in different source files
- CWE: 253 Incorrect Check of Return Value Sinks: RpcImpersonateClient GoodSink: Correctly check if RpcImpersonateClient() fails BadSink : Incorrectly check if RpcImpersonateClient() fails Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)
- CWE: 23 Relative Path Traversal BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Use a fixed file name Sinks: open BadSink : Open the file named in data using open() Flow Variant: 84 Data flow: data passed to class constructor and destructor by declaring the...
- CWE: 23 Relative Path Traversal BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Use a fixed file name Sinks: open BadSink : Open the file named in data using open() Flow Variant: 81 Data flow: data passed in a parameter to a virtual method called via a refe...
- CWE: 23 Relative Path Traversal BadSource: environment Read input from an environment variable GoodSource: Use a fixed file name Sink: open BadSink : Open the file named in data using open() Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())
- CWE: 23 Relative Path Traversal BadSource: environment Read input from an environment variable GoodSource: Use a fixed file name Sinks: ifstream BadSink : Open the file named in data using ifstream::open() Flow Variant: 44 Data/control flow: data passed as an argument from one function to a ...
- CWE: 23 Relative Path Traversal BadSource: console Read input from the console GoodSource: Use a fixed file name Sink: fopen BadSink : Open the file named in data using fopen() Flow Variant: 04 Control flow: if(STATIC_CONST_TRUE) and if(STATIC_CONST_FALSE)
- CWE: 23 Relative Path Traversal BadSource: console Read input from the console GoodSource: Use a fixed file name Sink: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)
- CWE: 226 Sensitive Information Uncleared Before Release Sinks: alloca GoodSink: Clear the password buffer before releasing the memory from the stack BadSink : Release password from the stack without first clearing the buffer Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_C...
- CWE: 223 Omission of Security Relevant Information Sinks: GoodSink: Log the username BadSink : Username is not logged Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)
- CWE: 176 Improper Handling of Unicode Encoding BadSource: Initialize data as a large unicode string GoodSource: Initialize data as a small unicode string Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant...
- CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: vfprintf GoodSink: vfwprintf with a format string BadSink : vfwprintf without a format string Flow Variant: 74 Data flow: data passed in a map ...
- CWE: 114 Process Control BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)
- CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 01 Baseline
- CWE: 114 Process Control BadSource: relativePath Hard code the relative pathname to the library GoodSource: Hard code the full pathname to the library Sinks: BadSink : Load a dynamic link library Flow Variant: 31 Data flow using a copy of data within the same function
- CWE: 114 Process Control BadSource: relativePath Hard code the relative pathname to the library GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)
- CWE: 114 Process Control BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 22 Control flow: Flow controlled by value of a global variable. Sink functions are ...
- CWE: 114 Process Control BadSource: console Read input from the console GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 16 Control flow: while(1)