Displaying test cases 1476 - 1500 of 9725 in total
- CWE: 78 OS Command Injection BadSource: environment Read input from an environment variable GoodSource: Fixed string Sinks: w32_spawnv BadSink : execute command with wspawnv Flow Variant: 44 Data/control flow: data passed as an argument from one function to a function in the same source file...
- CWE: 78 OS Command Injection BadSource: console Read input from the console GoodSource: Fixed string Sinks: w32_spawnlp BadSink : execute command with wspawnlp Flow Variant: 84 Data flow: data passed to class constructor and destructor by declaring the class object on the heap and deleting i...
- CWE: 78 OS Command Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Fixed string Sink: w32_spawnlp BadSink : execute command with spawnlp Flow Variant: 68 Data flow: data passed as a global variable from one function to another in different source ...
- CWE: 78 OS Command Injection BadSource: file Read input from a file GoodSource: Fixed string Sinks: w32_spawnvp BadSink : execute command with spawnvp Flow Variant: 61 Data flow: data returned from one function to another in different source files
- CWE: 78 OS Command Injection BadSource: console Read input from the console GoodSource: Fixed string Sink: w32_spawnvp BadSink : execute command with spawnvp Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)
- CWE: 78 OS Command Injection BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Fixed string Sink: w32_spawnvp BadSink : execute command with spawnvp Flow Variant: 41 Data flow: data passed as an argument from one function to another in the same source file
- CWE: 90 LDAP Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Use a fixed string Sink: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 54 Data flow: data passed as an argument from one function throu...
- CWE: 90 LDAP Injection BadSource: file Read input from a file GoodSource: Use a fixed string Sinks: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 61 Data flow: data returned from one function to another in different source files
- CWE: 780 Use of RSA Algorithm Without OAEP Sinks: GoodSink: Use RSA with OAEP BadSink : Use RSA without OAEP Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)
- CWE: 690 Unchecked Return Value To NULL Pointer BadSource: w32_wfopen Open data with wfopen() Sinks: 0 GoodSink: Check data for NULL BadSink : Do not check data for NULL Flow Variant: 62 Data flow: data flows using a C++ reference from one function to another in different source files
- CWE: 404 Improper Resource Shutdown or Release BadSource: Open a file using CreateFile() Sinks: fclose GoodSink: Close the file using CloseHandle() BadSink : Close the file using fclose() Flow Variant: 45 Data flow: data passed as a static global variable from one function to another in the...
- CWE: 36 Absolute Path Traversal BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Full path and file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 45 Data flow: data passed as a static global variable from on...
- CWE: 36 Absolute Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Full path and file name Sinks: open BadSink : Open the file named in data using open() Flow Variant: 74 Data flow: data passed in a map from one function to another in differe...
- CWE: 36 Absolute Path Traversal BadSource: environment Read input from an environment variable GoodSource: Full path and file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 73 Data flow: data passed in a list from one function to another in d...
- CWE: 36 Absolute Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Full path and file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 31 Data flow using a copy of data within the same function
- CWE: 327 Use of a Broken or Risky Cryptographic Algorithm Sinks: RC5 GoodSink: Use AES for decryption BadSink : Use RC5 for decryption Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)
- CWE: 319 Cleartext Transmission of Sensitive Information BadSource: listen_socket Read the password using a listen socket (server side) GoodSource: Use a hardcoded password (one that was not sent over the network) Sinks: GoodSink: Decrypt the password before using it in an authentication API ...
- CWE: 23 Relative Path Traversal BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Use a fixed file name Sinks: open BadSink : Open the file named in data using open() Flow Variant: 45 Data flow: data passed as a static global variable from one function to ano...
- CWE: 23 Relative Path Traversal BadSource: file Read input from a file GoodSource: Use a fixed file name Sink: open BadSink : Open the file named in data using open() Flow Variant: 16 Control flow: while(1)
- CWE: 23 Relative Path Traversal BadSource: environment Read input from an environment variable GoodSource: Use a fixed file name Sink: ofstream BadSink : Open the file named in data using ofstream::open() Flow Variant: 15 Control flow: switch(6)
- CWE: 23 Relative Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Use a fixed file name Sinks: open BadSink : Open the file named in data using open() Flow Variant: 62 Data flow: data flows using a C++ reference from one function to another ...
- CWE: 222 Truncation of Security Relevant Information Sinks: GoodSink: Log the complete username BadSink : Username is truncated before being logged Flow Variant: 01 Baseline
- CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: _vsnwprintf with a format string BadSink : _vsnwprintf without a format string Flow Variant: 61 Data flow: data returned from one funct...
- CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: vsnprintf with a format string BadSink : vsnprintf without a format string Flow Variant: 67 Data flow: data passed in a struct from one...
- CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: vsnprintf with a format string BadSink : vsnprintf without a format string Flow Variant: 53 Data flow: data p...