Displaying test cases 4451 - 4475 of 74755 in total
-
CWE: 78 OS Command Injection BadSource: console Read input from the console GoodSource: Fixed string Sink: execl BadSink : execute command with execl Flow Variant: 03 Control flow: if(5==5) and if(5!=5)
-
CWE: 78 OS Command Injection BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Fixed string Sinks: w32_spawnvp BadSink : execute command with spawnvp Flow Variant: 81 Data flow: data passed in a parameter to a virtual method called via a reference
-
CWE: 762 Mismatched Memory Management Routines BadSource: Allocate data using new [] GoodSource: Allocate data using malloc() Sinks: GoodSink: Deallocate data using delete [] BadSink : Deallocate data using free() Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)
-
CWE: 762 Mismatched Memory Management Routines BadSource: calloc Allocate data using calloc() GoodSource: Allocate data using new Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete Flow Variant: 16 Control flow: while(1)
-
CWE: 762 Mismatched Memory Management Routines BadSource: malloc Allocate data using malloc() GoodSource: Allocate data using new Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete Flow Variant: 03 Control flow: if(5==5) and if(5!=5)
-
CWE: 253 Incorrect Check of Return Value Sinks: snprintf GoodSink: Correctly check if snprintf() failed BadSink : Incorrectly check if snprintf() failed Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)
-
CWE: 190 Integer Overflow BadSource: max Set data to the max value for int GoodSource: Set data to a small, non-zero number (two) Sinks: square GoodSink: Ensure there will not be an overflow before squaring data BadSink : Square data, which can lead to overflow Flow Variant: 42 Data flow: d...
-
CWE: 257 Storing passwords in a recoverable format BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: GoodSink: one-way hash instead of symmetric crypto BadSink : symmetric encryption with an easy key Flow Variant: 66 Data flow: data ...
-
CWE: 191 Integer Underflow BadSource: getParameterServlet Read data from a querystring using getParameter GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: subtract GoodSink: Ensure there will not be an underflow before performing the subtraction BadSink : Unchecked subt...
-
CWE: 190 Integer Overflow BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: square GoodSink: Ensure there will not be an overflow before performing the squaring operation BadSink : Unchecked squaring operat...
-
CWE: 134 Uncontrolled Format String BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: format GoodSink: dynamic formatted stdout with string defined BadSink : dynamic formatted stdout without validation Flow Variant: 11 Control flow: if(IO...
-
CWE: 762 Mismatched Memory Management Routines BadSource: calloc Allocate data using calloc() GoodSource: Allocate data using new [] Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete [] Flow Variant: 66 Data flow: data passed in an array from one function ...
-
CWE: 762 Mismatched Memory Management Routines BadSource: realloc Allocate data using realloc() GoodSource: Allocate data using new [] Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete [] Flow Variant: 05 Control flow: if(static_t) and if(static_f)
-
CWE: 464 Insertion of Data Structure Sentinel BadSource: Read in data from the console and convert to an int GoodSource: Set data to a fixed char Sink: BadSink : Place data into and print an array Flow Variant: 14 Control flow: if(global_five==5) and if(global_five!=5)
-
CWE: 401 Memory Leak BadSource: realloc Allocate data using realloc() GoodSource: Allocate data on the stack Sinks: GoodSink: call free() on data BadSink : no deallocation of data Flow Variant: 52 Data flow: data passed as an argument from one function to another to another in three differe...
-
CWE: 400 Resource Exhaustion BadSource: fscanf Read data from the console using fscanf() GoodSource: Assign count to be a relatively small number Sinks: for_loop GoodSink: Validate count before using it as the loop variant in a for loop BadSink : Use count as the loop variant in a for loop ...
-
CWE: 369 Divide By Zero BadSource: fscanf Read data from the console using fscanf() GoodSource: Non-zero Sink: divide BadSink : Divide a constant by data Flow Variant: 07 Control flow: if(static_five==5) and if(static_five!=5)
-
CWE: 23 Relative Path Traversal BadSource: fromConsole Read input from the console GoodSource: File name without a period or slash Sinks: fopen BadSink : Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (within the same function)
-
CWE: 23 Relative Path Traversal BadSource: fromConsole Read input from the console GoodSource: File name without a period or slash Sink: w32CreateFile BadSink : Flow Variant: 06 Control flow: if(static_const_five==5) and if(static_const_five!=5)
-
CWE: 194 Unexpected Sign Extension BadSource: negative Set data to a fixed negative number GoodSource: Positive integer Sinks: memmove BadSink : Copy strings using memmove() with the length of data Flow Variant: 45 Data flow: data passed as a static global variable from one function to anoth...
-
CWE: 187 Partial Comparison BadSource: substring Provide a password that is a shortened version of the actual password GoodSource: Provide a matching password Sinks: ncmp_user_pw GoodSink: Compare the 2 passwords correctly BadSink : use wcsncmp() to do password match, but use the length of t...
-
CWE: 187 Partial Comparison BadSource: Environment Read input from an environment variable GoodSource: Provide a matching password Sinks: ncmp_user_pw GoodSink: Compare the 2 passwords correctly BadSink : use wcsncmp() to do password match, but use the length of the user password Flow Varia...
-
CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: ncpy BadSink : Copy data to string using wcsncpy Flow Variant: 01 Baseline
-
CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: ncpy BadSink : Copy string to data using strncpy Flow Variant: 04 Control flow: if(static_const_t) and if(static_const_f)
-
CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: loop BadSink : Copy string to data using a loop Flow Variant: 45 Data flow: data passed as a static global variable from one function to another in the s...