CWE: 762 Mismatched Memory Management Routines BadSource: Allocate data using new GoodSource: Allocate data using new [] Sinks: GoodSink: Deallocate data using delete BadSink : Deallocate data using delete [] Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 758 Undefined Behavior Sinks: new_use GoodSink: Initialize then use data BadSink : Use data Flow Variant: 17 Control flow: for loops

CWE: 665 Improper Initialization BadSource: Do not initialize data properly GoodSource: Initialize data Sink: ncat BadSink : Copy string to data using strncat Flow Variant: 10 Control flow: if(global_t) and if(global_f)

CWE: 617 Reachable Assertion BadSource: fscanf Read data from the console using fscanf() GoodSource: Number greater than ASSERT_VALUE Sinks: BadSink : Assert if n is less than ASSERT_VALUE Flow Variant: 67 Data flow: data passed in a struct from one function to another in different source files

CWE: 560 Use Of umask With chmod Style Argument Sinks: GoodSink: Use umask() correctly BadSink : Use umask() incorrectly - the bits sent to umask() are bitwise-negated Flow Variant: 19 Control flow: Dead code after a return

CWE: 469 Use Of Pointer Subtraction To Determine Size Sinks: wrong_ptr_print GoodSink: Subtract pointers correctly and print data BadSink : Subtract pointers to two different strings Flow Variant: 06 Control flow: if(static_const_five==5) and if(static_const_five!=5)

CWE: 469 Use Of Pointer Subtraction To Determine Size Sinks: ncpy GoodSink: using correct pointer subtraction to determine length in strncpy() BadSink : Beginning and end pointers are switched leading to an incorrect length in strncpy() Flow Variant: 15 Control flow: switch(6)

CWE: 319 Plaintext Transmission of Sensitive Information BadSource: connect_socket Read the password using a connect socket (client side) GoodSource: Use a hardcoded password (one that was not sent over the network) Sink: BadSink : Authenticate the user using LogonUserW() Flow Variant: 03 Co...

CWE: 252 Unchecked Return Value Sinks: w32CreateNamedPipe GoodSink: Check the return value of CreateNamedPipeA() and handle it properly BadSink : Do not check if CreateNamedPipeA() fails Flow Variant: 04 Control flow: if(static_const_t) and if(static_const_f)

CWE: 252 Unchecked Return Value Sinks: w32CreateNamedPipe GoodSink: Check the return value of CreateNamedPipeA() and handle it properly BadSink : Do not check if CreateNamedPipeA() fails Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 23 Relative Path Traversal BadSource: fromFile Read input from a file GoodSource: File name without a period or slash Sink: open BadSink : Flow Variant: 52 Data flow: data passed as an argument from one function to another to another in three different source files

CWE: 197 Numeric Truncation Error BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Less than CHAR_MAX Sinks: to_char BadSink : Convert data to a char Flow Variant: 67 Data flow: data passed in a struct from one function to another in different source files

CWE: 191 Integer Underflow BadSource: fixed Fixed value GoodSource: Small, non-zero Sinks: GoodSink: Ensure there is no underflow before performing the subtraction BadSink : Subtract 1 from data Flow Variant: 07 Control flow: if(static_five==5) and if(static_five!=5)

CWE: 190 Integer Overflow BadSource: fgets Read data from the console using fgets() GoodSource: Small, non-zero Sinks: multiply GoodSink: Ensure there is no overflow before performing the multiplication BadSink : Multiply data by 2 Flow Variant: 68 Data flow: data passed as a global variabl...

CWE: 187 Partial Comparison BadSource: fromConsole Read input from the console GoodSource: Provide a matching password Sinks: ncmp_user_pw GoodSink: Compare the 2 passwords correctly BadSink : use strncmp() to do password match, but use the length of the user password Flow Variant: 16 Contr...

CWE: 15 External Control of System or Configuration Setting Sinks: GoodSink: Properly authenticate all requests to set the hostname BadSink : Set the hostname to data obtained from the network / external source Flow Variant: 14 Control flow: if(global_five==5) and if(global_five!=5)

CWE: 134 Uncontrolled Format String BadSource: Environment Read input from an environment variable GoodSource: Copy a fixed string into data Sinks: vsnprintf GoodSink: _vsnwprintf with a format string BadSink : _vsnwprintf without a format string Flow Variant: 07 Control flow: if(static_fiv...

CWE: 134 Uncontrolled Format String BadSource: fromFile Read input from a file GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snprintf with "%s" as the third argument and data as the fourth BadSink : snprintf with data as the third argument Flow Variant: 41 Data flow: d...

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sink: loop BadSink : Copy data to string using a loop Flow Variant: 41 Data flow: data passed as an argument from one function to another in the same source file

CWE: 126 Buffer Over-read BadSource: Set data pointer to a small buffer GoodSource: Set data pointer to a large buffer Sinks: memmove BadSink : Copy data to string using memmove Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (within the same fun...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: ncpy BadSink : Copy string to data using strncpy Flow Variant: 31 Data flow using a copy of data within the same function

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy string to data using strcpy Flow Variant: 07 Control flow: if(static_five==5) and if(static_five!=5)

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sink: memcpy BadSink : Copy string to data using memcpy Flow Variant: 05 Control flow: if(static_t) and if...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memcpy BadSink : Copy string to data using memcpy Flow Variant: 54 Data flow: data passed as an argument from one function through three others to a fifth...

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sinks: BadSink : Load a dynamic link library Flow Variant: 67 Data flow: data passed in a struct from one function to another in different ...