Displaying test cases 2451 - 2475 of 9725 in total
- CWE: 78 OS Command Injection BadSource: environment Read input from an environment variable GoodSource: Fixed string Sink: w32_spawnv BadSink : execute command with wspawnv Flow Variant: 51 Data flow: data passed as an argument from one function to another in different source files
- CWE: 78 OS Command Injection BadSource: environment Read input from an environment variable GoodSource: Fixed string Sinks: w32_execvp BadSink : execute command with wexecvp Flow Variant: 31 Data flow using a copy of data within the same function
- CWE: 78 OS Command Injection BadSource: file Read input from a file GoodSource: Fixed string Sink: w32_execvp BadSink : execute command with execvp Flow Variant: 51 Data flow: data passed as an argument from one function to another in different source files
- CWE: 78 OS Command Injection BadSource: console Read input from the console GoodSource: Fixed string Sinks: w32_execv BadSink : execute command with execv Flow Variant: 73 Data flow: data passed in a list from one function to another in different source files
- CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: snprintf BadSink : Copy data to string using snprintf Flow Variant: 42 Data flow: data returned from one function to another in the same source file
- CWE: 90 LDAP Injection BadSource: environment Read input from an environment variable GoodSource: Use a fixed string Sink: BadSink : data concatenated into LDAP search, which could result in LDAP Injection Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)
- CWE: 785 Path Manipulation Function Without Max Sized Buffer Sinks: GoodSink: Ensure the path parameter is MAX_PATH BadSink : Use PathAppend() with a buffer that is less than MAX_PATH Flow Variant: 01 Baseline
- CWE: 675 Duplicate Operations on Resource BadSource: Open and close a file using CreateFile() and CloseHandle() GoodSource: Open a file using CreateFile() Sinks: GoodSink: Do nothing BadSink : Close the file Flow Variant: 01 Baseline
- CWE: 615 Information Exposure by Comment Sinks: GoodSink: Do not place username and password in comment BadSink : Information exposure by comment Flow Variant: 17 Control flow: for loops
- CWE: 36 Absolute Path Traversal BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Full path and file name Sink: open BadSink : Open the file named in data using open() Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)
- CWE: 36 Absolute Path Traversal BadSource: environment Read input from an environment variable GoodSource: Full path and file name Sink: ifstream BadSink : Open the file named in data using ifstream::open() Flow Variant: 53 Data flow: data passed as an argument from one function through two ...
- CWE: 321 Use of Hard-coded Cryptographic Key BadSource: Copy a hardcoded value into cryptoKey GoodSource: Read cryptoKey from the console Sinks: BadSink : Hash cryptoKey and use the value to encrypt a string Flow Variant: 84 Data flow: data passed to class constructor and destructor by decl...
- CWE: 321 Use of Hard-coded Cryptographic Key BadSource: Copy a hardcoded value into cryptoKey GoodSource: Read cryptoKey from the console Sink: BadSink : Hash cryptoKey and use the value to encrypt a string Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)
- CWE: 319 Cleartext Transmission of Sensitive Information BadSource: listen_socket Read the password using a listen socket (server side) GoodSource: Use a hardcoded password (one that was not sent over the network) Sinks: GoodSink: Decrypt the password before using it in an authentication API ...
- CWE: 273 Improper Check for Dropped Privileges Sinks: ImpersonateNamedPipeClient GoodSink: Check if ImpersonateNamedPipeClient() succeeded or not BadSink : Failed to check return status of ImpersonateNamedPipeClient() Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())
- CWE: 272 Least Privilege Violation Sinks: RegOpenKeyEx GoodSink: Open a registry key using RegOpenKeyExW() and HKEY_CURRENT_USER BadSink : Open a registry key using RegOpenKeyExW() and HKEY_LOCAL_MACHINE Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)
- CWE: 252 Unchecked Return Value Sinks: w32CreateNamedPipe GoodSink: Check the return value of CreateNamedPipeW() and handle it properly BadSink : Do not check if CreateNamedPipeW() fails Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)
- CWE: 23 Relative Path Traversal BadSource: file Read input from a file GoodSource: Use a fixed file name Sink: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)
- CWE: 23 Relative Path Traversal BadSource: environment Read input from an environment variable GoodSource: Use a fixed file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 62 Data flow: data flows using a C++ reference from one function to ano...
- CWE: 23 Relative Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Use a fixed file name Sinks: open BadSink : Open the file named in data using open() Flow Variant: 82 Data flow: data passed in a parameter to a virtual method called via a po...
- CWE: 23 Relative Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Use a fixed file name Sinks: fopen BadSink : Open the file named in data using fopen() Flow Variant: 82 Data flow: data passed in a parameter to a virtual method called via a ...
- CWE: 23 Relative Path Traversal BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Use a fixed file name Sink: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)
- CWE: 23 Relative Path Traversal BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Use a fixed file name Sink: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)
- CWE: 23 Relative Path Traversal BadSource: console Read input from the console GoodSource: Use a fixed file name Sinks: w32CreateFile BadSink : Open the file named in data using CreateFile() Flow Variant: 74 Data flow: data passed in a map from one function to another in different source files
- CWE: 114 Process Control BadSource: relativePath Hard code the relative pathname to the library GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 17 Control flow: for loops