CWE: 78 OS Command Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Fixed string Sink: w32spawnl BadSink : execute command with wspawnl Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)

CWE: 78 OS Command Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Fixed string Sinks: execl BadSink : execute command with wexecl Flow Variant: 81 Data flow: data passed in a parameter to an virtual method called via a reference

CWE: 78 OS Command Injection BadSource: file Read input from a file GoodSource: Fixed string Sinks: w32_spawnv BadSink : execute command with wspawnv Flow Variant: 45 Data flow: data passed as a static global variable from one function to another in the same source file

CWE: 78 OS Command Injection BadSource: environment Read input from an environment variable GoodSource: Fixed string Sinks: w32_execv BadSink : execute command with wexecv Flow Variant: 73 Data flow: data passed in a list from one function to another in different source files

CWE: 78 OS Command Injection BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Fixed string Sink: w32_spawnvp BadSink : execute command with wspawnvp Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)

CWE: 78 OS Command Injection BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Fixed string Sink: w32_execv BadSink : execute command with wexecv Flow Variant: 04 Control flow: if(STATIC_CONST_TRUE) and if(STATIC_CONST_FALSE)

CWE: 78 OS Command Injection BadSource: file Read input from a file GoodSource: Fixed string Sink: w32spawnl BadSink : execute command with spawnl Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)

CWE: 78 OS Command Injection BadSource: environment Read input from an environment variable GoodSource: Fixed string Sink: w32_spawnlp BadSink : execute command with spawnlp Flow Variant: 08 Control flow: if(staticReturnsTrue()) and if(staticReturnsFalse())

CWE: 78 OS Command Injection BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Fixed string Sink: w32_execv BadSink : execute command with execv Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)

CWE: 775 Missing Release of File Descriptor or Handle After Effective Lifetime BadSource: Open a file using CreateFile() Sinks: GoodSink: Close the file using CloseHandle() BadSink : Do not close file Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)

CWE: 506 Embedded Malicious Code Sinks: file_attrib_accessed GoodSink: Do not modify the files last accessed time attribute BadSink : Modify the files last accessed time attribute Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)

CWE: 36 Absolute Path Traversal BadSource: environment Read input from an environment variable GoodSource: Full path and file name Sinks: open BadSink : Open the file named in data using open() Flow Variant: 72 Data flow: data passed in a vector from one function to another in different sour...

CWE: 36 Absolute Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Full path and file name Sink: open BadSink : Open the file named in data using open() Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 36 Absolute Path Traversal BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Full path and file name Sink: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 21 Control flow: Flow controlled by value of a static global v...

CWE: 36 Absolute Path Traversal BadSource: file Read input from a file GoodSource: Full path and file name Sink: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 51 Data flow: data passed as an argument from one function to another in different source files

CWE: 319 Cleartext Transmission of Sensitive Information BadSource: listen_socket Read the password using a listen socket (server side) GoodSource: Use a hardcoded password (one that was not sent over the network) Sinks: GoodSink: Decrypt the password before using it in an authentication API ...

CWE: 284 Improper Access Control Sinks: SHRegCreateUSKey GoodSink: Create a registry key using SHRegCreateUSKeyA() without excessive privileges BadSink : Create a registry key using SHRegCreateUSKeyA() with excessive privileges Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)

CWE: 259 Use of Hard-coded Password BadSource: Use a hardcoded password GoodSource: Read the password from the console Sink: BadSink : Authenticate the user using LogonUserW() Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_CONST_FIVE!=5)

CWE: 23 Relative Path Traversal BadSource: environment Read input from an environment variable GoodSource: Use a fixed file name Sinks: fopen BadSink : Open the file named in data using fopen() Flow Variant: 33 Data flow: use of a C++ reference to data within the same function

CWE: 23 Relative Path Traversal BadSource: console Read input from the console GoodSource: Use a fixed file name Sink: open BadSink : Open the file named in data using open() Flow Variant: 01 Baseline

CWE: 15 External Control of System or Configuration Setting BadSource: Get the hostname from a network socket GoodSource: Get the hostname from a string literal Sinks: BadSink : Set the hostname Flow Variant: 83 Data flow: data passed to class constructor and destructor by declaring the cla...

CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: _vsnwprintf with a format string BadSink : _vsnwprintf without a format string Flow Variant: 05 Control flow: if(staticTrue) and if(sta...

CWE: 134 Uncontrolled Format String BadSource: file Read input from a file GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: vsnprintf with a format string BadSink : vsnprintf without a format string Flow Variant: 43 Data flow: data flows using a C++ reference from on...

CWE: 114 Process Control BadSource: relativePath Hard code the relative pathname to the library GoodSource: Hard code the full pathname to the library Sinks: BadSink : Load a dynamic link library Flow Variant: 44 Data/control flow: data passed as an argument from one function to a function i...

CWE: 114 Process Control BadSource: environment Read input from an environment variable GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 22 Control flow: Flow controlled by value of a global variable. Sink functions are in a sep...