Displaying test cases 72051 - 72075 of 74755 in total
- CWE: 606 Unchecked Input for Loop Condition BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: hardcoded int in string form Sinks: GoodSink: validate loop variable BadSink : loop variable not validated Flow Variant: 53 Data flow: data passed ...
- A class defines a final static array with public protection.
- CWE: 546 Suspicious Comment Sinks: bug GoodSink: does not contain suspicious comment BadSink : contains suspicious comment Flow Variant: 13 Control flow: if(IO.static_final_five==5) and if(IO.static_final_five!=5)
- CWE: 134 Uncontrolled Format String BadSource: PropertiesFile Read a value from a .properties file (in property named data) GoodSource: A hardcoded string Sinks: printf GoodSink: dynamic printf format with string defined BadSink : dynamic printf without validation Flow Variant: 03 Control f...
- CWE: 113 HTTP Response Splitting BadSource: listen_tcp Read data using a listening tcp connection GoodSource: A hardcoded string Sinks: addHeaderServlet GoodSink: URLEncode input BadSink : querystring to addHeader() Flow Variant: 02 Control flow: if(true) and if(false)
- CWE: 762 Mismatched Memory Management Routines BadSource: malloc Allocate data using malloc() GoodSource: Allocate data using new Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete Flow Variant: 05 Control flow: if(static_t) and if(static_f)
- CWE: 690 Unchecked Return Value To NULL Pointer BadSource: realloc Allocate data using realloc() Sinks: GoodSink: Check to see if the data allocation failed and if not, use data BadSink : Don't check for NULL and use data Flow Variant: 64 Data flow: void pointer to data passed from one funct...
- CWE: 590 Free of Invalid Pointer Not on the Heap BadSource: alloca Data buffer is allocated on the stack with alloca() GoodSource: Allocate memory on the heap Sink: BadSink : Print then free data Flow Variant: 11 Control flow: if(global_returns_t()) and if(global_returns_f())
- CWE: 476 NULL Pointer Dereference BadSource: Set data to NULL GoodSource: Initialize data Sink: BadSink : Print data Flow Variant: 32 Data flow using two pointers to the same value within the same function
- CWE: 400 Resource Exhaustion BadSource: rand Set data to result of rand(), which may be zero GoodSource: Assign count to be a relatively small number Sinks: for_loop GoodSink: Validate count before using it as the loop variant in a for loop BadSink : Use count as the loop variant in a for lo...
- CWE: 390 Detection of Error Condition Without Action Sinks: puts GoodSink: Check if putws() failed and handle errors properly BadSink : Check to see if _putws() failed, but do nothing about it Flow Variant: 13 Control flow: if(global_const_five==5) and if(global_const_five!=5)
- CWE: 36 Absolute Path Traversal BadSource: fromConsole Read input from the console GoodSource: Full path and file name Sinks: open BadSink : Flow Variant: 64 Data flow: void pointer to data passed from one function to another in different source files
- CWE: 253 Incorrect Check of Return Value Sinks: fwrite GoodSink: Correctly check if fwrite() failed BadSink : Incorrectly check if fwrite() failed Flow Variant: 06 Control flow: if(static_const_five==5) and if(static_const_five!=5)
- CWE: 23 Relative Path Traversal BadSource: Environment Read input from an environment variable GoodSource: File name without a period or slash Sink: fopen BadSink : Flow Variant: 08 Control flow: if(static_returns_t()) and if(static_returns_f())
- CWE: 23 Relative Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: File name without a period or slash Sink: w32CreateFile BadSink : Flow Variant: 53 Data flow: data passed as an argument from one function through two others to a fourth; all ...
- CWE: 195 Signed to Unsigned Conversion BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Positive integer Sink: memmove BadSink : Copy strings using memmove() with the length of data Flow Variant: 02 Control flow: if(1) and if(0)
- CWE: 194 Unexpected Sign Extension BadSource: negative Set data to a fixed negative number GoodSource: Positive integer Sink: malloc BadSink : Allocate memory using malloc() with the size of data Flow Variant: 08 Control flow: if(static_returns_t()) and if(static_returns_f())
- CWE: 190 Integer Overflow BadSource: rand Set data to result of rand() GoodSource: Small, non-zero Sinks: add GoodSink: Ensure there is no overflow before performing the addition BadSink : Add 1 to data Flow Variant: 16 Control flow: while(1) and while(0)
- CWE: 190 Integer Overflow BadSource: fixed Fixed value GoodSource: Small, non-zero Sinks: multiply GoodSink: Ensure there is no overflow before performing the multiplication BadSink : Multiply data by 2 Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same ...
- CWE: 190 Integer Overflow BadSource: fgets Read data from the console using fgets() GoodSource: Small, non-zero Sinks: multiply GoodSink: Ensure there is no overflow before performing the multiplication BadSink : Multiply data by 2 Flow Variant: 05 Control flow: if(static_t) and if(static_f)
- CWE: 134 Uncontrolled Format String BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snprintf with "%s" as the third argument and data as the fourth BadSink : snprintf with data as the third argument F...
- CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: memmove BadSink : Copy string to data using memmove Flow Variant: 63 Data flow: pointer to data passed from one function to another...
- CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memcpy BadSink : Copy string to data using memcpy Flow Variant: 09 Control flow: if(global_const_t) and if(global_const_f)
- CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using new[] and set data pointer to a small buffer GoodSource: Allocate using new[] and set data pointer to a large buffer Sink: memmove BadSink : Copy string to data using memmove Flow Variant: 68 Data flow: data passed as a global va...
- CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: snprintf BadSink : Copy data to string using snprintf Flow Variant: 18 Control flow: goto statements