Displaying test cases 71426 - 71450 of 74755 in total
-
CWE: 78 OS Command Injection BadSource: console Read input from the console GoodSource: Fixed string Sink: w32_execvp BadSink : execute command with wexecvp Flow Variant: 08 Control flow: if(staticReturnsTrue()) and if(staticReturnsFalse())
-
CWE: 78 OS Command Injection BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Fixed string Sink: w32_execvp BadSink : execute command with wexecvp Flow Variant: 32 Data flow using two pointers to the same value within the same function
-
CWE: 78 OS Command Injection BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Fixed string Sink: execl BadSink : execute command with wexecl Flow Variant: 18 Control flow: goto statements
-
CWE: 789 Uncontrolled Memory Allocation BadSource: fgets Read data from the console using fgets() GoodSource: Small number greater than zero Sinks: GoodSink: Allocate memory with malloc() and check the size of the memory to be allocated BadSink : Allocate memory with malloc(), but incorrectl...
-
CWE: 762 Mismatched Memory Management Routines BadSource: Allocate data using new [] GoodSource: Allocate data using malloc() Sinks: GoodSink: Deallocate data using delete [] BadSink : Deallocate data using free() Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_CONST_...
-
CWE: 761 Free Pointer not at Start of Buffer BadSource: file Read input from a file Sinks: GoodSink: free() memory correctly at the start of the buffer BadSink : free() memory not at the start of the buffer Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)
-
CWE: 195 Signed to Unsigned Conversion Error BadSource: negative Set data to a fixed negative number GoodSource: Positive integer Sink: malloc BadSink : Allocate memory using malloc() with the size of data Flow Variant: 21 Control flow: Flow controlled by value of a static global variable. A...
-
CWE: 190 Integer Overflow BadSource: max Set data to the max value for int GoodSource: Set data to a small, non-zero number (two) Sinks: square GoodSink: Ensure there will not be an overflow before squaring data BadSink : Square data, which can lead to overflow Flow Variant: 53 Data flow: d...
-
CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: loop BadSink : Copy string to data using a loop Flow Variant: 21 Control flow: Flow controlled by value of a static global variable....
-
CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sink: memcpy BadSink : Copy string to data using memcpy Flow Variant: 02 Control flow: if(1) and if(0)
-
CWE: 121 Stack Based Buffer Overflow BadSource: Void pointer to a wchar_t array GoodSource: Void pointer to a char array Sinks: GoodSink: Allocate memory using wcslen() and copy data BadSink : Allocate memory using strlen() and copy data Flow Variant: 44 Data/control flow: data passed as a...
-
CWE: 760 Use of one-way hash with a predictable salt BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded string Sinks: GoodSink: use a sufficiently random salt BadSink : SHA512 with a predictable salt Flow Variant: 02 Control flow: if(true) and if(false)
-
CWE: 470 Unsafe Reflection BadSource: listen_tcp Read data using a listening tcp connection GoodSource: Hardcoded class to load Sinks: GoodSink: instantiate only certain fixed classes BadSink : instantiate arbitrary class Flow Variant: 61 Data flow: data returned from one method to another ...
-
CWE: 191 Integer Underflow BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: subtract GoodSink: Ensure there will not be an underflow before performing the subtraction BadSink : Unchecked subtraction can le...
-
CWE: 190 Integer Overflow BadSource: Environment Read data from an environment variable GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: multiply GoodSink: Ensure there will not be an overflow before performing the multiplication BadSink : Unchecked multiplication, whic...
-
CWE: 789 Uncontrolled Memory Allocation BadSource: fgets Read data from the console using fgets() GoodSource: Small number greater than zero Sinks: GoodSink: Allocate memory with new [] and check the size of the memory to be allocated BadSink : Allocate memory with new [], but incorrectly ch...
-
CWE: 762 Mismatched Memory Management Routines BadSource: malloc Allocate data using malloc() GoodSource: Allocate data using new [] Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete [] Flow Variant: 11 Control flow: if(global_returns_t()) and if(global_re...
-
CWE: 617 Reachable Assertion BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Number greater than ASSERT_VALUE Sinks: BadSink : Assert if n is less than ASSERT_VALUE Flow Variant: 44 Data/control flow: data passed as an argument from one function to a func...
-
CWE: 415 Double Free BadSource: Allocate data using new and Deallocate data using delete GoodSource: Allocate data using new Sinks: GoodSink: do nothing BadSink : Deallocate data using delete Flow Variant: 33 Data flow: use of a C++ reference to data within the same function
-
CWE: 404 Improper Resource Shutdown or Release BadSource: Open a file using CreateFile() Sinks: fclose GoodSink: Close the file using CloseHandle() BadSink : Close the file using fclose() Flow Variant: 11 Control flow: if(global_returns_t()) and if(global_returns_f())
-
CWE: 404 Improper Resource Shutdown or Release BadSource: Open a file using open() Sinks: w32CloseHandle GoodSink: Close the file using close() BadSink : Close the file using CloseHandle Flow Variant: 51 Data flow: data passed as an argument from one function to another in different source ...
-
CWE: 197 Numeric Truncation Error BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Less than CHAR_MAX Sink: to_short BadSink : Convert data to a short Flow Variant: 18 Control flow: goto statements
-
CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy data to string using wcscpy Flow Variant: 32 Data flow using two pointers to the same value within the same function
-
CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sink: memmove BadSink : Copy long long array to data using memmove Flow Variant: 17 Control flow: for loops
-
CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cat BadSink : Copy data to string using strcat Flow Variant: 14 Control flow: if(global_five==5) and if(global_five!=5)