CWE: 415 Double Free BadSource: Allocate data using malloc() and Deallocate data using free() GoodSource: Allocate data using malloc() Sinks: GoodSink: do nothing BadSink : Deallocate data using free() Flow Variant: 17 Control flow: for loops

CWE: 401 Memory Leak BadSource: Allocate data using new GoodSource: Allocate data on the stack Sinks: GoodSink: call delete on data BadSink : no deallocation of data Flow Variant: 62 Data flow: data flows using a C++ reference from one function to another in different source files

CWE: 401 Memory Leak BadSource: Allocate data using new GoodSource: Allocate data on the stack Sinks: GoodSink: call delete on data BadSink : no deallocation of data Flow Variant: 11 Control flow: if(global_returns_t()) and if(global_returns_f())

CWE: 390 Detection of Error Condition Without Action Sinks: strtol GoodSink: Check to see if strtol() failed and handle errors properly BadSink : Check to see if strtol() failed, but fail to handle errors Flow Variant: 15 Control flow: switch(6)

CWE: 36 Absolute Path Traversal BadSource: fromConsole Read input from the console GoodSource: Full path and file name Sinks: fopen BadSink : Flow Variant: 31 Data flow using a copy of data within the same function

CWE: 36 Absolute Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Full path and file name Sinks: open BadSink : Flow Variant: 44 Data/control flow: data passed as an argument from one function to a function in the same source file called via...

CWE: 252 Unchecked Return Value Sinks: snprintf GoodSink: Check if snprintf() fails BadSink : Do not check if snprintf() fails Flow Variant: 14 Control flow: if(global_five==5) and if(global_five!=5)

CWE: 197 Numeric Truncation Error BadSource: rand Set data to result of rand(), which may be zero GoodSource: Less than CHAR_MAX Sinks: to_short BadSink : Convert data to a short Flow Variant: 31 Data flow using a copy of data within the same function

CWE: 194 Unexpected Sign Extension BadSource: fscanf Read data from the console using fscanf() GoodSource: Positive integer Sinks: memmove BadSink : Copy strings using memmove() with the length of data Flow Variant: 61 Data flow: data returned from one function to another in different source...

CWE: 193 Off by One Error Sinks: ncpy GoodSink: Use wcsncpy() to perform a string copy correctly BadSink : Use wcsncpy() to perform a string copy, but copy one too many characters Flow Variant: 05 Control flow: if(static_t) and if(static_f)

CWE: 190 Integer Overflow BadSource: rand Set data to result of rand() GoodSource: Small, non-zero Sinks: add GoodSink: Ensure there is no overflow before performing the addition BadSink : Add 1 to data Flow Variant: 64 Data flow: void pointer to data passed from one function to another in ...

CWE: 190 Integer Overflow BadSource: rand Set data to result of rand() GoodSource: Small, non-zero Sinks: add GoodSink: Ensure there is no overflow before performing the addition BadSink : Add 1 to data Flow Variant: 16 Control flow: while(1) and while(0)

CWE: 187 Partial Comparison BadSource: fromFile Read input from a file GoodSource: Provide a matching password Sinks: ncmp_correct_pw GoodSink: Compare the 2 passwords correctly BadSink : use wcsncmp() to do password match, but use the length of the correct password Flow Variant: 66 Data fl...

CWE: 187 Partial Comparison BadSource: fromConsole Read input from the console GoodSource: Provide a matching password Sinks: ncmp_user_pw GoodSink: Compare the 2 passwords correctly BadSink : use wcsncmp() to do password match, but use the length of the user password Flow Variant: 18 Contr...

CWE: 187 Partial Comparison BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Provide a matching password Sinks: str GoodSink: Compare the 2 passwords correctly BadSink : use strstr() to do password match, which is a partial comparison Flow Variant: 67 Data ...

CWE: 131 Incorrect Calculation of Buffer Size BadSource: Allocate memory for a string, but do not allocate space for NULL terminator GoodSource: Allocate enough memory for a string and the NULL terminator Sink: memmove BadSink : Copy string to data using memmove() Flow Variant: 07 Control f...

CWE: 129 Improper Validation of Array Index BadSource: fgets Read data from the console using fgets() GoodSource: Larger than zero but less than 10 Sinks: int GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant: 1...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memcpy BadSink : Copy string to data using memcpy Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: ncpy BadSink : Copy string to data using wcsncpy Flow Variant: 32 Data flow using two pointers to the same value within the same fun...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: loop BadSink : Copy string to data using a loop Flow Variant: 52 Data flow: data passed as an argument from one function to another ...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: loop BadSink : Copy data to string using a loop Flow Variant: 45 Data flow: data passed as a static global variable from one function to another in the same ...

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sink: memmove BadSink : Copy twoints array to data using memmove Flow Variant: 53 Data flow: data passed a...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: memmove BadSink : Copy data to string using memmove Flow Variant: 09 Control flow: if(global_const_t) and if(global_const_f)

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: loop BadSink : Copy data to string using a loop Flow Variant: 66 Data flow: data passed in an array from one function to another in different source files

CWE: 114 Process Control BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 05 Control flow: if(static_t) and if(static_f)