Displaying test cases 71826 - 71850 of 74755 in total
-
CWE: 126 Buffer Over-read BadSource: Use a small buffer GoodSource: Use a large buffer Sinks: memmove BadSink : Copy data to string using memmove Flow Variant: 31 Data flow using a copy of data within the same function
-
CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memmove BadSink : Copy twoIntsStruct array to data using memmove Flow Variant: 32 Data flow using two pointers to the same value within the same function
-
The test case shows how easy it is to cause a buffer overflow when a string function is misused.
-
CWE: 90 LDAP Injection BadSource: getCookiesServlet Read data from the first cookie GoodSource: A hardcoded string BadSink: unchecked data leads to LDAP injection Flow Variant: 10 Control flow: if(IO.static_t) and if(IO.static_f)
-
CWE: 90 LDAP Injection BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string BadSink: unchecked data leads to LDAP injection Flow Variant: 06 Control flow: if(private_final_five==5) and if(private_final_five!=5)
-
CWE: 90 LDAP Injection BadSource: Environment Read a string from an environment variable GoodSource: A hardcoded string Sinks: BadSink : unchecked data leads to LDAP injection Flow Variant: 53 Data flow: data passed as an argument from one method to another to another in three different clas...
-
CWE: 83 Cross Site Scripting (XSS) in attributes; Examples(replace QUOTE with an actual double quote): ?img_loc=http://www.google.comQUOTE%20onerror=QUOTEalert(1) and ?img_loc=http://www.google.comQUOTE%20onerror=QUOTEjavascript:alert(1) BadSource: getCookiesServlet Read data from the first cook...
-
CWE: 789 Uncontrolled Memory Allocation BadSource: Environment Read data from an environment variable GoodSource: A hardcoded non-zero, non-min, non-max, even number BadSink: HashMap Create a HashMap using data as the initial size Flow Variant: 01 Baseline
-
CWE: 615 Information Leak by Comment Sinks: GoodSink: no disclosure of username and password BadSink : disclose username and password Flow Variant: 10 Control flow: if(IO.static_t) and if(IO.static_f)
-
CWE: 486 Compare Classes by Name Sinks: GoodSink: properly compare class BadSink : compare class to string Flow Variant: 06 Control flow: if(private_final_five==5) and if(private_final_five!=5)
-
CWE: 369 Divide by zero BadSource: random Set data to a random value GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: modulo GoodSink: Check for zero before modulo BadSink : Modulo by a value that may be zero Flow Variant: 04 Control flow: if(private_final_t) and if(pr...
-
CWE: 257 Storing passwords in a recoverable format BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded string Sinks: GoodSink: one-way hash instead of symmetric crypto BadSink : symmetric encryption with an easy key Flow Variant: 68 Data flow: data pass...
-
CWE: 134 Uncontrolled Format String BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: format GoodSink: dynamic formatted stdout with string defined BadSink : dynamic formatted stdout without validation Flow Variant: 61 Data flow: dat...
-
CWE: 134 Uncontrolled Format String BadSource: URLConnection Read a string from a web server with URLConnection GoodSource: A hardcoded string Sinks: format GoodSink: dynamic formatted stdout with string defined BadSink : dynamic formatted stdout without validation Flow Variant: 08 Control ...
-
CWE: 690 Unchecked Return Value To NULL Pointer BadSource: calloc Allocate data using calloc() Sinks: GoodSink: Check to see if the data allocation failed and if not, use data BadSink : Don't check for NULL and use data Flow Variant: 42 Data flow: data returned from one function to another i...
-
CWE: 590 Free of Invalid Pointer Not on the Heap BadSource: declare Data buffer is declared on the stack GoodSource: Allocate memory on the heap Sinks: BadSink : Print then free data Flow Variant: 31 Data flow using a copy of data within the same function
-
CWE: 416 Use After Free BadSource: Allocate data using new, initialize memory block, and Deallocate data using delete GoodSource: Allocate data using new and initialize memory block Sinks: GoodSink: Do nothing BadSink : Use data after free() Flow Variant: 17 Control flow: for loops
-
CWE: 377 Insecure Temporary File Sinks: tempnam GoodSink: Create and open a temporary file, created with _wtempnam(), more securely BadSink : Create and open a temporary file, created with _wtempnam(), insecurely Flow Variant: 14 Control flow: if(global_five==5) and if(global_five!=5)
-
CWE: 369 Divide By Zero BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Non-zero Sink: modulo BadSink : Modulo a constant with data Flow Variant: 52 Data flow: data passed as an argument from one function to another to another in three different source files
-
CWE: 253 Incorrect Check of Return Value Sinks: w32ImpersonateNamedPipeClient GoodSink: Correctly check if ImpersonateNamedPipeClient() failed BadSink : Incorrectly check if ImpersonateNamedPipeClient() failed Flow Variant: 07 Control flow: if(static_five==5) and if(static_five!=5)
-
CWE: 191 Integer Underflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Small, non-zero Sinks: GoodSink: Ensure there is no underflow before performing the subtraction BadSink : Subtract 1 from data Flow Variant: 53 Data flow: data passed as an argument from one f...
-
CWE: 190 Integer Overflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Small, non-zero Sinks: multiply GoodSink: Ensure there is no overflow before performing the multiplication BadSink : Multiply data by 2 Flow Variant: 10 Control flow: if(global_t) and if(global_f)
-
CWE: 134 Uncontrolled Format String BadSource: fromConsole Read input from the console GoodSource: Copy a fixed string into data Sinks: vfprintf GoodSink: vfwprintf with a format string BadSink : vfwprintf without a format string Flow Variant: 06 Control flow: if(static_const_five==5) and i...
-
CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: loop BadSink : Copy string to data using a loop Flow Variant: 67 Data flow: data passed in a struct from one function to another in different source files
-
CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: cat BadSink : Copy string to data using wcscat Flow Variant: 51 Data flow: data passed as an argument from one function to another in different source files