CWE: 775 Missing Release of File Descriptor or Handle After Effective Lifetime BadSource: Open a file using CreateFile() Sinks: GoodSink: Close the file using CloseHandle() BadSink : Do not close file Flow Variant: 45 Data flow: data passed as a static global variable from one function to a...

CWE: 773 Missing Reference to Active File Descriptor or Handle BadSource: Create a file handle using CreateFile() Sinks: GoodSink: Close the file handle before reusing it BadSink : Reassign the file handle before closing it Flow Variant: 33 Data flow: use of a C++ reference to data within t...

CWE: 591 Sensitive Data Storage in Improperly Locked Memory BadSource: Allocate memory for sensitive data without using VirtualLock() to lock the buffer into memory GoodSource: Allocate memory for sensitive data and use VirtualLock() to lock the buffer into memory Sinks: BadSink : Authentica...

CWE: 534 Information Exposure Through Debug Log Files Sinks: GoodSink: Write to the log, but do not write the password BadSink : Write to the log and include the password Flow Variant: 16 Control flow: while(1)

CWE: 506 Embedded Malicious Code Sinks: base64_encoded_payload GoodSink: Use a plaintext payload in a system call BadSink : Use a base64 encoded payload in a system call Flow Variant: 15 Control flow: switch(6)

CWE: 506 Embedded Malicious Code Sinks: aes_encrypted_payload GoodSink: Use a plaintext payload in a system call BadSink : Use an AES encrypted payload in a system call Flow Variant: 01 Baseline

CWE: 404 Improper Resource Shutdown or Release BadSource: fopen Open a file using fopen() Sinks: w32CloseHandle GoodSink: Close the file using fclose() BadSink : Close the file using CloseHandle Flow Variant: 63 Data flow: pointer to data passed from one function to another in different sour...

CWE: 404 Improper Resource Shutdown or Release BadSource: fopen Open a file using fopen() Sinks: w32CloseHandle GoodSink: Close the file using fclose() BadSink : Close the file using CloseHandle Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())

CWE: 36 Absolute Path Traversal BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Full path and file name Sinks: open BadSink : Open the file named in data using open() Flow Variant: 45 Data flow: data passed as a static global variable from one function to a...

CWE: 319 Cleartext Transmission of Sensitive Information BadSource: listen_socket Read the password using a listen socket (server side) GoodSource: Use a hardcoded password (one that was not sent over the network) Sinks: GoodSink: Decrypt the password before using it in an authentication API ...

CWE: 319 Cleartext Transmission of Sensitive Information BadSource: listen_socket Read the password using a listen socket (server side) GoodSource: Use a hardcoded password (one that was not sent over the network) Sinks: GoodSink: Decrypt the password before using it in an authentication API ...

CWE: 319 Cleartext Transmission of Sensitive Information BadSource: listen_socket Read the password using a listen socket (server side) GoodSource: Use a hardcoded password (one that was not sent over the network) Sinks: GoodSink: Decrypt the password before using it in an authentication API ...

CWE: 284 Improper Access Control Sinks: SHRegCreateUSKey GoodSink: Create a registry key using SHRegCreateUSKeyA() without excessive privileges BadSink : Create a registry key using SHRegCreateUSKeyA() with excessive privileges Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 273 Improper Check for Dropped Privileges Sinks: ImpersonateNamedPipeClient GoodSink: Check if ImpersonateNamedPipeClient() succeeded or not BadSink : Failed to check return status of ImpersonateNamedPipeClient() Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)

CWE: 259 Use of Hard-coded Password BadSource: Use a hardcoded password GoodSource: Read the password from the console Sink: BadSink : Authenticate the user using LogonUserA() Flow Variant: 17 Control flow: for loops

CWE: 256 Plaintext Storage of Password BadSource: Read the password from a file GoodSource: Read the password from a file and decrypt it Sinks: GoodSink: Decrypt the password then authenticate the user using LogonUserA() BadSink : Authenticate the user using LogonUserA() Flow Variant: 64 D...

CWE: 253 Incorrect Check of Return Value Sinks: ImpersonateSelf GoodSink: Correctly check if ImpersonateSelf() fails BadSink : Incorrectly check if ImpersonateSelf() fails Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 252 Unchecked Return Value Sinks: w32CreateNamedPipe GoodSink: Check the return value of CreateNamedPipeW() and handle it properly BadSink : Do not check if CreateNamedPipeW() fails Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())

CWE: 252 Unchecked Return Value Sinks: GoodSink: Check the return value of ImpersonateSelf() and handle it properly BadSink : Do not check if ImpersonateSelf() fails Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)

CWE: 252 Unchecked Return Value Sinks: w32CreateNamedPipe GoodSink: Check the return value of CreateNamedPipeA() and handle it properly BadSink : Do not check if CreateNamedPipeA() fails Flow Variant: 17 Control flow: for loops

CWE: 23 Relative Path Traversal BadSource: environment Read input from an environment variable GoodSource: Use a fixed file name Sinks: ifstream BadSink : Open the file named in data using ifstream::open() Flow Variant: 66 Data flow: data passed in an array from one function to another in di...

CWE: 23 Relative Path Traversal BadSource: environment Read input from an environment variable GoodSource: Use a fixed file name Sink: ifstream BadSink : Open the file named in data using ifstream::open() Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())

CWE: 23 Relative Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Use a fixed file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 73 Data flow: data passed in a list from one function to anot...

CWE: 23 Relative Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Use a fixed file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 63 Data flow: pointer to data passed from one function to ano...

CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snwprintf with %s as the third argument and data as the fourth BadSink : snwprintf with data as the third argument Flow Variant: 84 Data flo...