Displaying test cases 126 - 150 of 9725 in total
- CWE: 78 OS Command Injection BadSource: file Read input from a file GoodSource: Fixed string Sink: w32_spawnlp BadSink : execute command with wspawnlp Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)
- CWE: 78 OS Command Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Fixed string Sinks: w32_spawnvp BadSink : execute command with spawnvp Flow Variant: 61 Data flow: data returned from one function to another in different source files
- CWE: 78 OS Command Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Fixed string Sink: w32_execv BadSink : execute command with execv Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)
- CWE: 78 OS Command Injection BadSource: file Read input from a file GoodSource: Fixed string Sinks: w32_spawnvp BadSink : execute command with spawnvp Flow Variant: 31 Data flow using a copy of data within the same function
- CWE: 78 OS Command Injection BadSource: environment Read input from an environment variable GoodSource: Fixed string Sinks: w32_spawnv BadSink : execute command with spawnv Flow Variant: 43 Data flow: data flows using a C++ reference from one function to another in the same source file
- CWE: 78 OS Command Injection BadSource: console Read input from the console GoodSource: Fixed string Sinks: w32_spawnlp BadSink : execute command with spawnlp Flow Variant: 66 Data flow: data passed in an array from one function to another in different source files
- CWE: 90 LDAP Injection BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Use a fixed string Sink: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 68 Data flow: data passed as a global variable from one functi...
- CWE: 773 Missing Reference to Active File Descriptor or Handle BadSource: Create a file handle using CreateFile() Sinks: GoodSink: Close the file handle before reusing it BadSink : Reassign the file handle before closing it Flow Variant: 21 Control flow: Flow controlled by value of a static...
- CWE: 773 Missing Reference to Active File Descriptor or Handle BadSource: Create a file handle using CreateFile() Sinks: GoodSink: Close the file handle before reusing it BadSink : Reassign the file handle before closing it Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_...
- CWE: 404 Improper Resource Shutdown or Release BadSource: freopen Open a file using freopen() Sinks: w32_close GoodSink: Close the file using fclose() BadSink : Close the file using close() Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())
- CWE: 36 Absolute Path Traversal BadSource: file Read input from a file GoodSource: Full path and file name Sink: fopen BadSink : Open the file named in data using fopen() Flow Variant: 54 Data flow: data passed as an argument from one function through three others to a fifth; all five functi...
- CWE: 36 Absolute Path Traversal BadSource: console Read input from the console GoodSource: Full path and file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 62 Data flow: data flows using a C++ reference from one function to another in differ...
- CWE: 36 Absolute Path Traversal BadSource: console Read input from the console GoodSource: Full path and file name Sink: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 16 Control flow: while(1)
- CWE: 36 Absolute Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Full path and file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 63 Data flow: pointer to data passed from one function to a...
- CWE: 321 Use of Hard-coded Cryptographic Key BadSource: Copy a hardcoded value into cryptoKey GoodSource: Read cryptoKey from the console Sinks: BadSink : Hash cryptoKey and use the value to encrypt a string Flow Variant: 61 Data flow: data returned from one function to another in different...
- CWE: 284 Improper Access Control Sinks: CreateFile GoodSink: Create a file using CreateFileW() without excessive privileges BadSink : Create a file using CreateFileW() with excessive privileges Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)
- CWE: 284 Improper Access Control Sinks: CreateDesktop GoodSink: Create a desktop using CreateDesktopA() without excessive privileges BadSink : Create a desktop using CreateDesktopA() with excessive privileges Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)
- CWE: 272 Least Privilege Violation Sinks: SHRegCreateUSKey GoodSink: Create a registry key using SHRegCreateUSKeyW() and SHREGSET_HKCU BadSink : Create a registry key using SHRegCreateUSKeyW() and SHREGSET_HKLM Flow Variant: 04 Control flow: if(STATIC_CONST_TRUE) and if(STATIC_CONST_FALSE)
- CWE: 272 Least Privilege Violation Sinks: RegCreateKey GoodSink: Create a registry key using RegCreateKeyW() and HKEY_CURRENT_USER BadSink : Create a registry key using RegCreateKeyW() and HKEY_LOCAL_MACHINE Flow Variant: 18 Control flow: goto statements
- CWE: 23 Relative Path Traversal BadSource: environment Read input from an environment variable GoodSource: Use a fixed file name Sink: ifstream BadSink : Open the file named in data using ifstream::open() Flow Variant: 53 Data flow: data passed as an argument from one function through two ot...
- CWE: 23 Relative Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Use a fixed file name Sink: open BadSink : Open the file named in data using open() Flow Variant: 08 Control flow: if(staticReturnsTrue()) and if(staticReturnsFalse())
- CWE: 176 Improper Handling of Unicode Encoding BadSource: Initialize data as a large unicode string GoodSource: Initialize data as a small unicode string Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant...
- CWE: 15 External Control of System or Configuration Setting BadSource: Get the hostname from a network socket GoodSource: Get the hostname from a string literal Sinks: BadSink : Set the hostname Flow Variant: 84 Data flow: data passed to class constructor and destructor by declaring the cla...
- CWE: 134 Uncontrolled Format String BadSource: environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snwprintf with %s as the third argument and data as the fourth BadSink : snwprintf with data as the third argument Flow Vari...
- CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: _vsnwprintf with a format string BadSink : _vsnwprintf without a format string Flow Variant: 73 Data flow: data passed in a list from o...