Displaying test cases 72751 - 72775 of 74755 in total
- CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: memmove BadSink : Copy string to data using memmove Flow Variant: 33 Data flow: use of a C++ reference to data within the same func...
- CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sink: memcpy BadSink : Copy int64_t array to data using memcpy Flow Variant: 11 Control flow: if(globalRet...
- CWE: 122 Heap Based Buffer Overflow BadSource: fgets Read data from the console using fgets() GoodSource: Larger than zero but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant: 65 Data/contr...
- CWE: 89 SQL Injection BadSource: Environment Read a string from an environment variable GoodSource: A hardcoded string Sinks: execute GoodSink: prepared sqlstatement, single BadSink : untrusted parameter value to raw insert sqlstatement Flow Variant: 67 Data flow: data passed in a class fro...
- CWE: 81 Cross Site Scripting (XSS) in Error Message BadSource: getParameterServlet Read data from a querystring using getParameter GoodSource: A hardcoded string BadSink: sendErrorServlet XSS in sendError Flow Variant: 14 Control flow: if(IO.static_five==5) and if(IO.static_five!=5)
- CWE: 617 Assertion is reachable BadSource: getCookiesServlet Read data from the first cookie GoodSource: A hardcoded string BadSink: possibility of assertion being triggered Flow Variant: 05 Control flow: if(private_t) and if(private_f)
- CWE: 36 Absolute Path Traversal BadSource: connect_tcp Read data using an outbound tcp connection GoodSource: A hardcoded string Sinks: readFile BadSink : read line from file from disk Flow Variant: 66 Data flow: data passed in an array from one method to another in different source files in...
- CWE: 36 Absolute Path Traversal BadSource: Environment Read a string from an environment variable GoodSource: A hardcoded string BadSink: readFile read line from file from disk Flow Variant: 16 Control flow: while(true) and while(local_f)
- CWE: 369 Divide by zero BadSource: zero Set data to a hardcoded value of zero GoodSource: A hardcoded non-zero, non-min, non-max, even number Sinks: divide GoodSink: Check for zero before dividing BadSink : Dividing by a value that may be zero Flow Variant: 42 Data flow: data returned from ...
- CWE: 259 Hard Coded Password BadSource: hardcodedPassword Hardcoded password in String GoodSource: Password is read from stdin BadSink: driverManager password used in database connection Flow Variant: 02 Control flow: if(true) and if(false)
- CWE: 78 OS Command Injection BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Benign input Sink: execv BadSink : execute command with wexecv Flow Variant: 19 Control flow: Dead code after a return
- CWE: 78 OS Command Injection BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Benign input Sink: execvp BadSink : execute command with wexecvp Flow Variant: 68 Data flow: data passed as a global variable from one function to another in different source files
- CWE: 789 Uncontrolled Memory Allocation BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Small number greater than zero Sinks: GoodSink: Allocate memory with new [] and check the size of the memory to be allocated BadSink : Allocate memory with new [], but i...
- CWE: 762 Mismatched Memory Management Routines BadSource: Allocate data using new GoodSource: Allocate data using malloc() Sinks: GoodSink: Deallocate data using delete BadSink : Deallocate data using free() Flow Variant: 02 Control flow: if(1) and if(0)
- CWE: 758 Undefined Behavior Sinks: new_use GoodSink: Initialize then use data BadSink : Use data Flow Variant: 15 Control flow: switch(6)
- CWE: 467 Use of sizeof() on a Pointer Type BadSource: Initialize the source buffer using the size of a pointer GoodSource: Initialize the source buffer using the size of the DataElementType Sink: BadSink : Print then free data Flow Variant: 32 Data flow using two pointers to the same value ...
- CWE: 427 Uncontrolled Search Path Element BadSource: Environment Read input from an environment variable GoodSource: Use a hardcoded path Sink: BadSink : Set the environment variable Flow Variant: 04 Control flow: if(static_const_t) and if(static_const_f)
- CWE: 401 Memory Leak BadSource: Allocate data using new GoodSource: Allocate data on the stack Sinks: GoodSink: call delete on data BadSink : no deallocation of data Flow Variant: 42 Data flow: data returned from one function to another in the same source file
- CWE: 400 Resource Exhaustion BadSource: fgets Read data from the console using fgets() GoodSource: Assign count to be a relatively small number Sinks: for_loop GoodSink: Validate count before using it as the loop variant in a for loop BadSink : Use count as the loop variant in a for loop Fl...
- CWE: 195 Signed to Unsigned Conversion BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Positive integer Sink: strncpy BadSink : Copy strings using strncpy() with the length of data Flow Variant: 04 Control flow: if(static_const_t) and if(static_const_f)
- CWE: 190 Integer Overflow BadSource: fixed Fixed value GoodSource: Small, non-zero Sinks: square GoodSink: Ensure there is no overflow before performing the squaring operation BadSink : Square data Flow Variant: 53 Data flow: data passed as an argument from one function through two others t...
- CWE: 134 Uncontrolled Format String BadSource: fromConsole Read input from the console GoodSource: Copy a fixed string into data Sinks: vsnprintf GoodSink: _vsnwprintf with a format string BadSink : _vsnwprintf without a format string Flow Variant: 52 Data flow: data passed as an argument f...
- CWE: 134 Uncontrolled Format String BadSource: Environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: vfprintf GoodSink: vfprintf with a format string BadSink : vfprintf without a format string Flow Variant: 19 Control flow: Dead code after a re...
- CWE: 129 Improper Validation of Array Index BadSource: fscanf Read data from the console using fscanf() GoodSource: Larger than zero but less than 10 Sinks: wchar_t GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Vari...
- CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sinks: memcpy BadSink : Copy string to data using memcpy Flow Variant: 67 Data flow: data passed in a stru...