CWE: 690 Unchecked Return Value To NULL Pointer BadSource: fopen Open data with fopen() Sinks: 0 GoodSink: Check data for NULL BadSink : Do not check data for NULL Flow Variant: 42 Data flow: data returned from one function to another in the same source file

CWE: 672 Operation on Resource After Expiration or Release BadSource: Add values to the list, including the number zero GoodSource: Add value to the list that are not zero Sinks: GoodSink: Iterate through the list without attempting to clear its contents BadSink : Iterate through the list, ...

CWE: 457 Use of Uninitialized Variable BadSource: partial_init Initialize part, but not all of the array GoodSource: Initialize data Sinks: use GoodSink: Initialize then use data BadSink : Use data Flow Variant: 15 Control flow: switch(6) and switch(7)

CWE: 457 Use of Uninitialized Variable BadSource: no_init Don't initialize data GoodSource: Initialize data Sinks: use GoodSink: Initialize then use data BadSink : Use data Flow Variant: 09 Control flow: if(global_const_t) and if(global_const_f)

CWE: 457 Use of Uninitialized Variable BadSource: no_init Don't initialize data GoodSource: Initialize data Sinks: use GoodSink: Initialize then use data BadSink : Use data Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 415 Double Free BadSource: Allocate data using new and Deallocae data using delete GoodSource: Allocate data using new Sinks: GoodSink: do nothing BadSink : Deallocate data using delete Flow Variant: 41 Data flow: data passed as an argument from one function to another in the same sou...

CWE: 401 Memory Leak BadSource: Allocate data using new[] GoodSource: Point data to a stack buffer Sinks: GoodSink: call delete[] on data BadSink : no deallocation of data Flow Variant: 06 Control flow: if(static_const_five==5) and if(static_const_five!=5)

CWE: 390 Detection of Error Condition Without Action Sinks: w32RpcImpersonateClient GoodSink: Check the return value of RpcImpersonateClient() and handle errors properly BadSink : Check the return value of RpcImpersonateClient(), but fail to handle errors Flow Variant: 11 Control flow: if(glo...

CWE: 36 Absolute Path Traversal BadSource: fromConsole Read input from the console GoodSource: Full path and file name Sink: w32CreateFile BadSink : Flow Variant: 41 Data flow: data passed as an argument from one function to another in the same source file

CWE: 369 Divide By Zero BadSource: fgets Read data from the console using fgets() GoodSource: Non-zero Sink: divide BadSink : Divide a constant by data Flow Variant: 41 Data flow: data passed as an argument from one function to another in the same source file

CWE: 256 Plaintext Storage of Password BadSource: Read the password from a file GoodSource: Read the password from the console Sink: BadSink : Authenticate the user using LogonUserW() Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 253 Incorrect Check of Return Value Sinks: fwrite GoodSink: Correctly check if fwrite() failed BadSink : Incorrectly check if fwrite() failed Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 195 Signed to Unsigned Conversion BadSource: fgets Read data from the console using fgets() GoodSource: Positive integer Sink: strncpy BadSink : Copy strings using strncpy() with the length of data Flow Variant: 17 Control flow: for loops

CWE: 194 Unexpected Sign Extension BadSource: fgets Read data from the console using fgets() GoodSource: Positive integer Sink: strncpy BadSink : Copy strings using strncpy() with the length of data Flow Variant: 04 Control flow: if(static_const_t) and if(static_const_f)

CWE: 194 Unexpected Sign Extension BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Positive integer Sinks: memcpy BadSink : Copy strings using memcpy() with the length of data Flow Variant: 44 Data/control flow: data passed as an argument from one functio...

CWE: 190 Integer Overflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Small, non-zero Sinks: square GoodSink: Ensure there is no overflow before performing the squaring operation BadSink : Square data Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 190 Integer Overflow BadSource: rand Set data to result of rand(), which may be zero GoodSource: Small, non-zero Sinks: multiply GoodSink: Ensure there is no overflow before performing the multiplication BadSink : Multiply data by 2 Flow Variant: 17 Control flow: for loops

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: loop BadSink : Copy string to data using a loop Flow Variant: 09 Control flow: if(global_const_t) and if(global_const_f)

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using new[] and set data pointer to a small buffer GoodSource: Allocate using new[] and set data pointer to a large buffer Sink: memcpy BadSink : Copy long long array to data using memcpy Flow Variant: 32 Data flow using two pointers t...

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sinks: memcpy BadSink : Copy string to data using memcpy Flow Variant: 65 Data/control flow: data passed a...

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sink: snprintf BadSink : Copy string to data using snprintf Flow Variant: 13 Control flow: if(global_const...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memcpy BadSink : Copy string to data using memcpy Flow Variant: 15 Control flow: switch(6)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memmove BadSink : Copy twoints array to data using memmove Flow Variant: 06 Control flow: if(static_const_five==5) and if(static_const_five!=5)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memcpy BadSink : Copy twoints array to data using memcpy Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: snprintf BadSink : Copy string to data using snprintf Flow Variant: 17 Control flow: for loops