CWE: 23 Relative Path Traversal BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded string Sinks: readFile BadSink : no validation Flow Variant: 53 Data flow: data passed as an argument from one method through two others to a fourth; all four functions a...

CWE: 113 HTTP Response Splitting BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: addCookieServlet GoodSink: URLEncode input BadSink : querystring to addCookie() Flow Variant: 53 Data flow: data passed as an argume...

CWE: 78 OS Command Injection BadSource: fromFile Read input from a file GoodSource: Benign input Sink: w32spawnv BadSink : execute command with wspawnv Flow Variant: 17 Control flow: for loops

CWE: 672 Operation on Resource After Expiration or Release BadSource: Add values to the list, including the number zero GoodSource: Add value to the list that are not zero Sinks: GoodSink: Iterate through the list without attempting to clear its contents BadSink : Iterate through the list, ...

CWE: 591 Sensitive Data Storage in Improperly Locked Memory BadSource: Allocate memory for sensitive data and use VirtualLock() to lock the buffer into memory GoodSource: Allocate memory for sensitive data and use VirtualLock() to lock the buffer into memory Sink: BadSink : Authenticate the ...

CWE: 590 Free of Invalid Pointer Not on the Heap BadSource: static Data buffer is declared static on the stack GoodSource: Allocate memory on the heap Sinks: BadSink : Print then free data Flow Variant: 33 Data flow: use of a C++ reference to data within the same function

CWE: 469 Use Of Pointer Subtraction To Determine Size Sinks: wrong_ptr_print GoodSink: Subtract pointers correctly and print data BadSink : Subtract pointers to two different strings Flow Variant: 07 Control flow: if(static_five==5) and if(static_five!=5)

CWE: 457 Use of Uninitialized Variable BadSource: no_init Don't initialize data GoodSource: Initialize data Sinks: use GoodSink: Initialize then use data BadSink : Use data Flow Variant: 63 Data flow: pointer to data passed from one function to another in different source files

CWE: 416 Use After Free BadSource: Allocate data using new, initialize memory block, and Deallocate data using delete GoodSource: Allocate data using new and initialize memory block Sinks: GoodSink: Do nothing BadSink : Use data after free() Flow Variant: 31 Data flow using a copy of data ...

CWE: 404 Improper Resource Shutdown or Release BadSource: Open a file using open() Sinks: w32CloseHandle GoodSink: Close the file using close() BadSink : Close the file using CloseHandle Flow Variant: 08 Control flow: if(static_returns_t()) and if(static_returns_f())

CWE: 401 Memory Leak BadSource: malloc Allocate data using malloc() GoodSource: Allocate data on the stack Sinks: GoodSink: call free() on data BadSink : no deallocation of data Flow Variant: 51 Data flow: data passed as an argument from one function to another in different source files

CWE: 401 Memory Leak BadSource: Allocate data using new[] GoodSource: Point data to a stack buffer Sinks: GoodSink: call delete[] on data BadSink : no deallocation of data Flow Variant: 14 Control flow: if(global_five==5) and if(global_five!=5)

CWE: 253 Incorrect Check of Return Value Sinks: w32CreateMutex GoodSink: Correctly check if CreateMutexW() failed BadSink : Incorrectly check if CreateMutexW() failed Flow Variant: 08 Control flow: if(static_returns_t()) and if(static_returns_f())

CWE: 23 Relative Path Traversal BadSource: fromConsole Read input from the console GoodSource: File name without a period or slash Sinks: fopen BadSink : Flow Variant: 67 Data flow: data passed in a struct from one function to another in different source files

CWE: 195 Signed to Unsigned Conversion BadSource: rand Set data to result of rand(), which may be zero GoodSource: Positive integer Sinks: strncpy BadSink : Copy strings using strncpy() with the length of data Flow Variant: 45 Data flow: data passed as a static global variable from one funct...

CWE: 190 Integer Overflow BadSource: rand Set data to result of rand() GoodSource: Small, non-zero Sinks: add GoodSink: Ensure there is no overflow before performing the addition BadSink : Add 1 to data Flow Variant: 31 Data flow using a copy of data within the same function

CWE: 190 Integer Overflow BadSource: fixed Fixed value GoodSource: Small, non-zero Sinks: square GoodSink: Ensure there is no overflow before performing the squaring operation BadSink : Square data Flow Variant: 14 Control flow: if(global_five==5) and if(global_five!=5)

CWE: 131 Incorrect Calculation of Buffer Size BadSource: Allocate memory for a string, but do not allocate space for NULL terminator GoodSource: Allocate enough memory for a string and the NULL terminator Sinks: loop BadSink : Copy array to data using a loop Flow Variant: 61 Data flow: data...

CWE: 129 Improper Validation of Array Index BadSource: rand Set data to result of rand(), which may be zero GoodSource: Larger than zero but less than 10 Sinks: int GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Vari...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: loop BadSink : Copy data to string using a loop Flow Variant: 52 Data flow: data passed as an argument from one function to another ...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: ncpy BadSink : Copy data to string using wcsncpy Flow Variant: 01 Baseline

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: ncpy BadSink : Copy string to data using wcsncpy Flow Variant: 64 Data flow: void pointer to data passed from one function to anoth...

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using new[] and set data pointer to a small buffer GoodSource: Allocate using new[] and set data pointer to a large buffer Sink: loop BadSink : Copy string to data using a loop Flow Variant: 17 Control flow: for loops

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: snprintf BadSink : Copy data to string using snwprintf Flow Variant: 45 Data flow: data passed as a static global variable from one function to another in t...

Unprotected string copy, unlocked shared resource, off-by-one. PLOVER: BUFF.OVER, RACE, NUM.OBO