CWE: 762 Mismatched Memory Management Routines BadSource: malloc Allocate data using malloc() GoodSource: Allocate data using new [] Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete [] Flow Variant: 11 Control flow: if(global_returns_t()) and if(global_re...

CWE: 761 Free Pointer Not At Start of Buffer BadSource: fixed_string Initialize data to be a fixed string Sinks: GoodSink: free() memory correctly at the start of the buffer BadSink : free() memory not at the start of the buffer Flow Variant: 67 Data flow: data passed in a struct from one fu...

CWE: 617 Reachable Assertion BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Number greater than ASSERT_VALUE Sinks: BadSink : Assert if n is less than ASSERT_VALUE Flow Variant: 44 Data/control flow: data passed as an argument from one function to a func...

CWE: 563 Unused Variable BadSource: Initialize data GoodSource: Initialize and use data Sinks: GoodSink: Use data BadSink : Initialize and use data Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 415 Double Free BadSource: Allocate data using new and Deallocae data using delete GoodSource: Allocate data using new Sinks: GoodSink: do nothing BadSink : Deallocate data using delete Flow Variant: 33 Data flow: use of a C++ reference to data within the same function

CWE: 404 Improper Resource Shutdown or Release BadSource: Open a file using CreateFile() Sinks: fclose GoodSink: Close the file using CloseHandle() BadSink : Close the file using fclose() Flow Variant: 11 Control flow: if(global_returns_t()) and if(global_returns_f())

CWE: 404 Improper Resource Shutdown or Release BadSource: Open a file using open() Sinks: w32CloseHandle GoodSink: Close the file using close() BadSink : Close the file using CloseHandle Flow Variant: 51 Data flow: data passed as an argument from one function to another in different source ...

CWE: 197 Numeric Truncation Error BadSource: fgets Read data from the console using fgets() GoodSource: Less than CHAR_MAX Sinks: BadSink : Convert data to a char Flow Variant: 65 Data/control flow: data passed as an argument from one function to a function in a different source file called ...

CWE: 197 Numeric Truncation Error BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Less than CHAR_MAX Sink: to_short BadSink : Convert data to a short Flow Variant: 18 Control flow: goto statements

CWE: 190 Integer Overflow BadSource: fixed Fixed value GoodSource: Small, non-zero Sinks: multiply GoodSink: Ensure there is no overflow before performing the multiplication BadSink : Multiply data by 2 Flow Variant: 18 Control flow: goto statements

CWE: 190 Integer Overflow BadSource: fixed Fixed value GoodSource: Small, non-zero Sinks: add GoodSink: Ensure there is no overflow before performing the addition BadSink : Add 1 to data Flow Variant: 12 Control flow: if(global_returns_t_or_f())

CWE: 187 Partial Comparison BadSource: Environment Read input from an environment variable GoodSource: Provide a matching password Sinks: ncmp_correct_pw GoodSink: Compare the 2 passwords correctly BadSink : use wcsncmp() to do password match, but use the length of the correct password Flow...

CWE: 187 Partial Comparison BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Provide a matching password Sinks: str GoodSink: Compare the 2 passwords correctly BadSink : use strstr() to do password match, which is a partial comparison Flow Variant: 18 Contr...

CWE: 134 Uncontrolled Format String BadSource: fromConsole Read input from the console GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snwprintf with "%s" as the third argument and data as the fourth BadSink : snwprintf with data as the third argument Flow Variant: 54 Da...

CWE: 134 Uncontrolled Format String BadSource: fromConsole Read input from the console GoodSource: Copy a fixed string into data Sinks: printf GoodSink: printf with "%s" as the first argument and data as the second BadSink : printf with only data as an argument Flow Variant: 61 Data flow: d...

CWE: 134 Uncontrolled Format String BadSource: Environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: vprintf GoodSink: vprintf with a format string BadSink : vprintf without a format string Flow Variant: 31 Data flow using a copy of data within...

CWE: 129 Improper Validation of Array Index BadSource: fgets Read data from the console using fgets() GoodSource: Larger than zero but less than 10 Sinks: int GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant: 1...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy data to string using wcscpy Flow Variant: 32 Data flow using two pointers to the same value within the same function

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 13 Control flow: if(global_const_five==5) and if(global_const_five!=5)

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: ncpy BadSink : Copy data to string using strncpy Flow Variant: 41 Data flow: data passed as an argument from one function to another...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: ncpy BadSink : Copy string to data using strncpy Flow Variant: 61 Data flow: data returned from one function to another in differen...

CWE: 123 Write-What-Where Condition BadSource: fgets Overwrite linked list pointers using fgets GoodSource: Don't overwrite linked list pointers Sink: BadSink : Remove element from list Flow Variant: 12 Control flow: if(global_returns_t_or_f())

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sink: memmove BadSink : Copy long long array to data using memmove Flow Variant: 17 Control flow: for loops

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: loop BadSink : Copy data to string using a loop Flow Variant: 52 Data flow: data passed as an argument from one function to another to another in three diffe...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cat BadSink : Copy data to string using strcat Flow Variant: 14 Control flow: if(global_five==5) and if(global_five!=5)