CWE: 675 Duplicate Operations on Resource BadSource: Open and close a file using CreateFile() and CloseHandle() GoodSource: Open a file using CreateFile() Sinks: GoodSink: Do nothing BadSink : Close the file Flow Variant: 06 Control flow: if(static_const_five==5) and if(static_const_five!=5)

CWE: 666 Operation on Resource in Wrong Phase of Lifetime Sinks: accept_listen_bind GoodSink: Create a listen socket correctly by placing bind(), listen(), and accept() in the correct order BadSink : Attempt to accept(), listen(), then bind() Flow Variant: 04 Control flow: if(static_const_t) ...

CWE: 665 Improper Initialization BadSource: Do not initialize data properly GoodSource: Initialize data Sinks: cat BadSink : Copy string to data using wcscat Flow Variant: 65 Data/control flow: data passed as an argument from one function to a function in a different source file called via ...

CWE: 590 Free of Invalid Pointer Not on the Heap BadSource: alloca Data buffer is allocated on the stack with alloca() GoodSource: Allocate memory on the heap Sink: BadSink : Print then free data Flow Variant: 52 Data flow: data passed as an argument from one function to another to another i...

CWE: 590 Free of Invalid Pointer Not on the Heap BadSource: static Data buffer is declared static on the stack GoodSource: Allocate memory on the heap Sinks: BadSink : Print then free data Flow Variant: 33 Data flow: use of a C++ reference to data within the same function

CWE: 457 Use of Uninitialized Variable BadSource: partial_init Initialize part, but not all of the array GoodSource: Initialize data Sinks: use GoodSink: Initialize then use data BadSink : Use data Flow Variant: 05 Control flow: if(static_t) and if(static_f)

CWE: 415 Double Free BadSource: Allocate data using new and Deallocae data using delete GoodSource: Allocate data using new Sinks: GoodSink: do nothing BadSink : Deallocate data using delete Flow Variant: 19 Control flow: Dead code after a return

CWE: 401 Memory Leak BadSource: malloc Allocate data using malloc() GoodSource: Allocate data on the stack Sinks: GoodSink: call free() on data BadSink : no deallocation of data Flow Variant: 31 Data flow using a copy of data within the same function

CWE: 401 Memory Leak BadSource: Allocate data using new[] GoodSource: Point data to a stack buffer Sinks: GoodSink: call delete[] on data BadSink : no deallocation of data Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 401 Memory Leak BadSource: Allocate data using new[] GoodSource: Point data to a stack buffer Sinks: GoodSink: call delete[] on data BadSink : no deallocation of data Flow Variant: 18 Control flow: goto statements

CWE: 401 Memory Leak BadSource: malloc Allocate data using malloc() GoodSource: Allocate data on the stack Sinks: GoodSink: call free() on data BadSink : no deallocation of data Flow Variant: 32 Data flow using two pointers to the same value within the same function

CWE: 369 Divide By Zero BadSource: rand Set data to result of rand(), which may be zero GoodSource: Non-zero Sink: modulo BadSink : Modulo a constant with data Flow Variant: 52 Data flow: data passed as an argument from one function to another to another in three different source files

CWE: 23 Relative Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: File name without a period or slash Sink: fopen BadSink : Flow Variant: 07 Control flow: if(static_five==5) and if(static_five!=5)

CWE: 226 Sensitive Information Uncleared Before Release Sinks: w32alloca GoodSink: Clear the password buffer before releasing the memory from the stack BadSink : Release password from the stack without first clearing the buffer Flow Variant: 18 Control flow: goto statements

CWE: 195 Signed to Unsigned Conversion BadSource: rand Set data to result of rand(), which may be zero GoodSource: Positive integer Sink: memmove BadSink : Copy strings using memmove() with the length of data Flow Variant: 06 Control flow: if(static_const_five==5) and if(static_const_five!=5)

CWE: 195 Signed to Unsigned Conversion BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Positive integer Sink: memmove BadSink : Copy strings using memmove() with the length of data Flow Variant: 42 Data flow: data returned from one function to another in th...

CWE: 187 Partial Comparison BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Provide a matching password Sinks: ncmp_correct_pw GoodSink: Compare the 2 passwords correctly BadSink : use strncmp() to do password match, but use the length of the correct pass...

CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snprintf with "%s" as the third argument and data as the fourth BadSink : snprintf with data as the third argument ...

CWE: 126 Buffer Over-read BadSource: Use a small buffer GoodSource: Use a large buffer Sink: loop BadSink : Copy data to string using a loop Flow Variant: 01 Baseline

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memcpy BadSink : Copy string to data using memcpy Flow Variant: 68 Data flow: data passed as a global variable from one function to ...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memcpy BadSink : Copy string to data using memcpy Flow Variant: 12 Control flow: if(global_returns_t_or_f())

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: snprintf BadSink : Copy data to string using snprintf Flow Variant: 05 Control flow: if(static_t) and if(static_f)

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using new[] and set data pointer to a small buffer GoodSource: Allocate using new[] and set data pointer to a large buffer Sinks: memcpy BadSink : Copy twointsclass array to data using memcpy Flow Variant: 66 Data flow: data passed in ...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cat BadSink : Copy data to string using strcat Flow Variant: 18 Control flow: goto statements

CWE: 114 Process Control BadSource: Environment Read input from an environment variable GoodSource: Hard code the full pathname to the library Sinks: BadSink : Load a dynamic link library Flow Variant: 66 Data flow: data passed in an array from one function to another in different source files