CWE: 588 Attempt to Access Child of a Non Structure Type BadSource: Void pointer to an int GoodSource: Void pointer to a twoints struct Sink: BadSink : Print data Flow Variant: 05 Control flow: if(static_t) and if(static_f)

CWE: 457 Use of Uninitialized Variable BadSource: partial_init Initialize part, but not all of the array GoodSource: Initialize data Sinks: use GoodSink: Initialize then use data BadSink : Use data Flow Variant: 10 Control flow: if(global_t) and if(global_f)

CWE: 427 Uncontrolled Search Path Element BadSource: Environment Read input from an environment variable GoodSource: Use a hardcoded path Sink: BadSink : Set the environment variable Flow Variant: 08 Control flow: if(static_returns_t()) and if(static_returns_f())

CWE: 404 Improper Resource Shutdown or Release BadSource: freopen Open a file using freopen() Sinks: w32CloseHandle GoodSink: Close the file using fclose() BadSink : Close the file using CloseHandle Flow Variant: 13 Control flow: if(global_const_five==5) and if(global_const_five!=5)

CWE: 390 Detection of Error Condition Without Action Sinks: snprintf GoodSink: Check if snwprintf() failed and handle errors properly BadSink : Check to see if snwprintf() failed, but do nothing about it Flow Variant: 17 Control flow: for loops

CWE: 390 Detection of Error Condition Without Action Sinks: realloc GoodSink: Check to see if realloc() failed, and handle errors properly BadSink : Check to see if realloc() failed, but fail to handle errors Flow Variant: 07 Control flow: if(static_five==5) and if(static_five!=5)

CWE: 377 Insecure Temporary File Sinks: w32GetTempFileName GoodSink: Create and open a temporary file, created with GetTempFileNameW(), insecurely BadSink : Create and open a temporary file, created with GetTempFileNameW(), insecurely Flow Variant: 15 Control flow: switch(6)

CWE: 36 Absolute Path Traversal BadSource: fromConsole Read input from the console GoodSource: Full path and file name Sink: w32CreateFile BadSink : Flow Variant: 41 Data flow: data passed as an argument from one function to another in the same source file

CWE: 369 Divide By Zero BadSource: fscanf Read data from the console using fscanf() GoodSource: Non-zero Sink: modulo BadSink : Modulo a constant with data Flow Variant: 18 Control flow: goto statements

CWE: 253 Incorrect Check of Return Value Sinks: w32CreateNamedPipe GoodSink: Correctly check if CreateNamedPipeA() failed BadSink : Incorrectly check if CreateNamedPipeA() failed Flow Variant: 15 Control flow: switch(6)

CWE: 23 Relative Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: File name without a period or slash Sink: w32CreateFile BadSink : Flow Variant: 54 Data flow: data passed as an argument from one function through three others to a fifth; all...

CWE: 195 Signed to Unsigned Conversion BadSource: fgets Read data from the console using fgets() GoodSource: Positive integer Sink: malloc BadSink : Allocate memory using malloc() with the size of data Flow Variant: 14 Control flow: if(global_five==5) and if(global_five!=5)

CWE: 190 Integer Overflow BadSource: fgets Read data from the console using fgets() GoodSource: Small, non-zero Sinks: multiply GoodSink: Ensure there is no overflow before performing the multiplication BadSink : Multiply data by 2 Flow Variant: 52 Data flow: data passed as an argument from...

CWE: 187 Partial Comparison BadSource: fromConsole Read input from the console GoodSource: Provide a matching password Sinks: ncmp_user_pw GoodSink: Compare the 2 passwords correctly BadSink : use wcsncmp() to do password match, but use the length of the user password Flow Variant: 15 Contr...

CWE: 187 Partial Comparison BadSource: fromConsole Read input from the console GoodSource: Provide a matching password Sinks: ncmp_correct_pw GoodSink: Compare the 2 passwords correctly BadSink : use wcsncmp() to do password match, but use the length of the correct password Flow Variant: 09...

CWE: 187 Partial Comparison BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Provide a matching password Sinks: ncmp_user_pw GoodSink: Compare the 2 passwords correctly BadSink : use strncmp() to do password match, but use the length of the user password Fl...

CWE: 134 Uncontrolled Format String BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Copy a fixed string into data Sinks: printf GoodSink: printf with "%s" as the first argument and data as the second BadSink : printf with only data as an argument Flow Vari...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy data to string using wcscpy Flow Variant: 15 Control flow: switch(6)

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy data to string using strcpy Flow Variant: 41 Data flow: data passed as an argument from one function to another i...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: ncpy BadSink : Copy data to string using wcsncpy Flow Variant: 65 Data/control flow: data passed as an argument from one function to a function in a differen...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 52 Data flow: data passed as an argument from one function to another to another in three diff...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: snprintf BadSink : Copy data to string using snprintf Flow Variant: 08 Control flow: if(static_returns_t()) and if(static_returns_f())

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: snprintf BadSink : Copy string to data using snwprintf Flow Variant: 13 Control flow: if(global_const_five==5) and if(global_const_five!=5)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: snprintf BadSink : Copy string to data using snwprintf Flow Variant: 31 Data flow using a copy of data within the same function

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memmove BadSink : Copy string to data using memmove Flow Variant: 05 Control flow: if(static_t) and if(static_f)