CWE: 78 OS Command Injection BadSource: file Read input from a file GoodSource: Fixed string Sinks: w32spawnl BadSink : execute command with wspawnl Flow Variant: 66 Data flow: data passed in an array from one function to another in different source files

CWE: 78 OS Command Injection BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Fixed string Sinks: w32_spawnlp BadSink : execute command with wspawnlp Flow Variant: 61 Data flow: data returned from one function to another in different source files

CWE: 78 OS Command Injection BadSource: file Read input from a file GoodSource: Fixed string Sinks: w32_execvp BadSink : execute command with execvp Flow Variant: 61 Data flow: data returned from one function to another in different source files

CWE: 78 OS Command Injection BadSource: console Read input from the console GoodSource: Fixed string Sink: w32_spawnv BadSink : execute command with spawnv Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snwprintf with %s as the third argument and data as the fourth BadSink : snwprintf with data as the third argument Flow Variant: 33 Data flo...

CWE: 90 LDAP Injection BadSource: file Read input from a file GoodSource: Use a fixed string Sink: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 51 Data flow: data passed as an argument from one function to another in different source files

CWE: 90 LDAP Injection BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Use a fixed string Sinks: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 67 Data flow: data passed in a struct from one function to an...

CWE: 36 Absolute Path Traversal BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Full path and file name Sink: fopen BadSink : Open the file named in data using fopen() Flow Variant: 17 Control flow: for loops

CWE: 319 Cleartext Transmission of Sensitive Information BadSource: connect_socket Read the password using a connect socket (client side) GoodSource: Use a hardcoded password (one that was not sent over the network) Sinks: GoodSink: Decrypt the password before using it in an authentication AP...

CWE: 272 Least Privilege Violation Sinks: RegCreateKeyEx GoodSink: Create a registry key using RegCreateKeyExW() and HKEY_CURRENT_USER BadSink : Create a registry key using RegCreateKeyExW() and HKEY_LOCAL_MACHINE Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)

CWE: 272 Least Privilege Violation Sinks: SHRegCreateUSKey GoodSink: Create a registry key using SHRegCreateUSKeyA() and SHREGSET_HKCU BadSink : Create a registry key using SHRegCreateUSKeyA() and SHREGSET_HKLM Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)

CWE: 23 Relative Path Traversal BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Use a fixed file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 81 Data flow: data passed in a parameter to a virtual method ca...

CWE: 23 Relative Path Traversal BadSource: environment Read input from an environment variable GoodSource: Use a fixed file name Sink: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)

CWE: 23 Relative Path Traversal BadSource: console Read input from the console GoodSource: Use a fixed file name Sinks: open BadSink : Open the file named in data using open() Flow Variant: 31 Data flow using a copy of data within the same function

CWE: 23 Relative Path Traversal BadSource: console Read input from the console GoodSource: Use a fixed file name Sinks: fopen BadSink : Open the file named in data using fopen() Flow Variant: 72 Data flow: data passed in a vector from one function to another in different source files

CWE: 23 Relative Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Use a fixed file name Sink: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 53 Data flow: data passed as an argument from one function thr...

CWE: 23 Relative Path Traversal BadSource: environment Read input from an environment variable GoodSource: Use a fixed file name Sink: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 41 Data flow: data passed as an argument from one function to another in...

CWE: 23 Relative Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Use a fixed file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 31 Data flow using a copy of data within the same function

CWE: 23 Relative Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Use a fixed file name Sink: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 16 Control flow: while(1)

CWE: 226 Sensitive Information Uncleared Before Release Sinks: alloca GoodSink: Clear the password buffer before releasing the memory from the stack BadSink : Release password from the stack without first clearing the buffer Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(global...

CWE: 15 External Control of System or Configuration Setting BadSource: Get the hostname from a network socket GoodSource: Get the hostname from a string literal Sink: BadSink : Set the hostname Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())

CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: w32_vsnprintf GoodSink: vsnprintf with a format string BadSink : vsnprintf without a format string Flow Variant: 72 Data flow: data p...

CWE: 114 Process Control BadSource: environment Read input from an environment variable GoodSource: Hard code the full pathname to the library Sinks: BadSink : Load a dynamic link library Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (within the...

CWE: 114 Process Control BadSource: environment Read input from an environment variable GoodSource: Hard code the full pathname to the library Sinks: BadSink : Load a dynamic link library Flow Variant: 62 Data flow: data flows using a C++ reference from one function to another in different s...

CWE: 114 Process Control BadSource: console Read input from the console GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 41 Data flow: data passed as an argument from one function to another in the same source file