Displaying test cases 71301 - 71325 of 74755 in total
- CWE: 78 OS Command Injection BadSource: file Read input from a file GoodSource: Fixed string Sink: w32_spawnlp BadSink : execute command with wspawnlp Flow Variant: 42 Data flow: data returned from one function to another in the same source file
- CWE: 78 OS Command Injection BadSource: environment Read input from an environment variable GoodSource: Fixed string Sink: w32_spawnv BadSink : execute command with wspawnv Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)
- CWE: 78 OS Command Injection BadSource: environment Read input from an environment variable GoodSource: Fixed string Sink: w32_execvp BadSink : execute command with wexecvp Flow Variant: 16 Control flow: while(1)
- CWE: 78 OS Command Injection BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Fixed string Sink: w32spawnl BadSink : execute command with wspawnl Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)
- CWE: 78 OS Command Injection BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Fixed string Sink: execl BadSink : execute command with execl Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)
- CWE: 789 Uncontrolled Memory Allocation BadSource: fscanf Read data from the console using fscanf() GoodSource: Small number greater than zero Sinks: GoodSink: Allocate memory with new [] and check the size of the memory to be allocated BadSink : Allocate memory with new [], but incorrectly ...
- CWE: 762 Mismatched Memory Management Routines BadSource: malloc Allocate data using malloc() GoodSource: Allocate data using new Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete Flow Variant: 01 Baseline
- CWE: 377 Insecure Temporary File Sinks: tempnam GoodSink: Create and open a temporary file, created with tempnam(), more securely BadSink : Create and open a temporary file, created with tempnam(), insecurely Flow Variant: 08 Control flow: if(staticReturnsTrue()) and if(staticReturnsFalse())
- CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: ncat BadSink : Copy data to string using strncat Flow Variant: 08 Control flow: if(staticReturnsTrue()) and if(staticReturnsFalse())
- CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sink: snprintf BadSink : Copy string to data using snprintf Flow Variant: 17 Control flow: for loops
- CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: memmove BadSink : Copy twoIntsStruct array to data using memmove Flow Variant: 72 Data flow: data passed in a vector from one function to another in diff...
- CWE: 90 LDAP Injection BadSource: fromFile Read data from file (named c:\data.txt) GoodSource: A hardcoded string BadSink: unchecked data leads to LDAP injection Flow Variant: 19 Control flow: Dead code after an if(true) return
- CWE: 90 LDAP Injection BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: A hardcoded string BadSink: unchecked data leads to LDAP injection Flow Variant: 42 Data flow: data returned from one method to another in the same class
- CWE: 190 Integer Overflow BadSource: getCookiesServlet Read data from the first cookie GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: square GoodSink: Ensure there will not be an overflow before performing the squaring operation BadSink : Unchecked squaring operation,...
- CWE: 190 Integer Overflow BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an overflow before performing the multiplication BadSink : Unchecked multiplication, ...
- CWE: 78 OS Command Injection BadSource: Environment Read input from an environment variable GoodSource: Benign input Sinks: w32spawnv BadSink : execute command with spawnv Flow Variant: 45 Data flow: data passed as a static global variable from one function to another in the same source file
- CWE: 762 Mismatched Memory Management Routines BadSource: Allocate data using new [] GoodSource: Allocate data using new Sinks: GoodSink: Deallocate data using delete [] BadSink : Deallocate data using delete Flow Variant: 43 Data flow: data flows using a C++ reference from one function to...
- CWE: 675 Duplicate Operations on Resource BadSource: Open and close a file using CreateFile() and CloseHandle() GoodSource: Open a file using CreateFile() Sinks: GoodSink: Do nothing BadSink : Close the file Flow Variant: 66 Data flow: data passed in an array from one function to another i...
- CWE: 591 Sensitive Data Storage in Improperly Locked Memory BadSource: Allocate memory for sensitive data and use VirtualLock() to lock the buffer into memory GoodSource: Allocate memory for sensitive data and use VirtualLock() to lock the buffer into memory Sink: BadSink : Authenticate the ...
- CWE: 457 Use of Uninitialized Variable BadSource: no_init Don't initialize data GoodSource: Initialize data Sinks: use GoodSink: Initialize then use data BadSink : Use data Flow Variant: 03 Control flow: if(5==5) and if(5!=5)
- CWE: 415 Double Free BadSource: Allocate data using malloc() and Deallocate data using free() GoodSource: Allocate data using malloc() Sinks: GoodSink: do nothing BadSink : Deallocate data using free() Flow Variant: 16 Control flow: while(1) and while(0)
- CWE: 401 Memory Leak Sinks: GoodSink: Ensure the memory block pointed to by data is always freed BadSink : malloc() and use then realloc() and use data before free() Flow Variant: 09 Control flow: if(global_const_t) and if(global_const_f)
- CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: cat BadSink : Copy data to string using strcat Flow Variant: 65 Data/control flow: data passed as an argument from one function to a function in a different ...
- CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sinks: ncpy BadSink : Copy string to data using strncpy Flow Variant: 65 Data/control flow: data passed as...
- CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: cat BadSink : Copy data to string using strcat Flow Variant: 45 Data flow: data passed as a static global variable from one function to another in the same ...