CWE: 758 Undefined Behavior Sinks: malloc_use GoodSink: Initialize then use data BadSink : Use data from malloc without initialization Flow Variant: 11 Control flow: if(global_returns_t()) and if(global_returns_f())

CWE: 606 Unchecked Input For Loop Condition BadSource: fromFile Read input from a file GoodSource: Input a number less than MAX_LOOP Sinks: GoodSink: Use data as the for loop variant after checking to see if it is less than MAX_LOOP BadSink : Use data as the for loop variant without checking...

CWE: 590 Free of Invalid Pointer Not on the Heap BadSource: declare Data buffer is declared on the stack GoodSource: Allocate memory on the heap Sinks: BadSink : Print then free data Flow Variant: 31 Data flow using a copy of data within the same function

CWE: 563 Unused Variable BadSource: Initialize data Sinks: GoodSink: Use data BadSink : do nothing Flow Variant: 15 Control flow: switch(6)

CWE: 427 Uncontrolled Search Path Element BadSource: Environment Read input from an environment variable GoodSource: Use a hardcoded path Sink: BadSink : Set the environment variable Flow Variant: 16 Control flow: while(1) and while(0)

CWE: 416 Use After Free BadSource: Allocate data using new, initialize memory block, and Deallocate data using delete GoodSource: Allocate data using new and initialize memory block Sinks: GoodSink: Do nothing BadSink : Use data after free() Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 272 Least Privilege Principal Sinks: w32RegOpenKeyEx GoodSink: Open a registry key using RegOpenKeyExW() and HKEY_CURRENT_USER BadSink : Open a registry key using RegOpenKeyExW() and HKEY_LOCAL_MACHINE Flow Variant: 11 Control flow: if(global_returns_t()) and if(global_returns_f())

CWE: 253 Incorrect Check of Return Value Sinks: fgets GoodSink: Correctly check if fgets() failed before trying to use the destination buffer BadSink : Incorrectly check if fgets() failed Flow Variant: 13 Control flow: if(global_const_five==5) and if(global_const_five!=5)

CWE: 252 Unchecked Return Value Sinks: w32CreateMutex GoodSink: Check the return value of CreateMutexA() and handle it properly BadSink : Do not check if CreateMutexA() fails Flow Variant: 10 Control flow: if(global_t) and if(global_f)

CWE: 23 Relative Path Traversal BadSource: Environment Read input from an environment variable GoodSource: File name without a period or slash Sink: open BadSink : Flow Variant: 04 Control flow: if(static_const_t) and if(static_const_f)

CWE: 195 Signed to Unsigned Conversion BadSource: fgets Read data from the console using fgets() GoodSource: Positive integer Sink: memcpy BadSink : Copy strings using memcpy() with the length of data Flow Variant: 12 Control flow: if(global_returns_t_or_f())

CWE: 191 Integer Underflow BadSource: rand Set data to result of rand() GoodSource: Small, non-zero Sinks: GoodSink: Ensure there is no underflow before performing the subtraction BadSink : Subtract 1 from data Flow Variant: 65 Data/control flow: data passed as an argument from one function...

CWE: 190 Integer Overflow BadSource: fscanf Read data from the console using fscanf() GoodSource: Small, non-zero Sinks: multiply GoodSink: Ensure there is no overflow before performing the multiplication BadSink : Multiply data by 2 Flow Variant: 11 Control flow: if(global_returns_t()) and...

CWE: 187 Partial Comparison BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Provide a matching password Sinks: ncmp_correct_pw GoodSink: Compare the 2 passwords correctly BadSink : use strncmp() to do password match, but use the length of the correct pass...

CWE: 129 Improper Validation of Array Index BadSource: fgets Read data from the console using fgets() GoodSource: Larger than zero but less than 10 Sinks: wchar_t GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Varian...

CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: ncpy BadSink : Copy data to string using wcsncpy Flow Variant: 10 Control flow: if(global_t) and if(global_f)

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memcpy BadSink : Copy string to data using memcpy Flow Variant: 51 Data flow: data passed as an argument from one function to anothe...

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: ncpy BadSink : Copy string to data using strncpy Flow Variant: 18 Control flow: goto statements

CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: memmove BadSink : Copy string to data using memmove Flow Variant: 64 Data flow: void pointer to data passed from one function to an...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: memcpy BadSink : Copy data to string using memcpy Flow Variant: 41 Data flow: data passed as an argument from one function to another in the same source file

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using new[] and set data pointer to a small buffer GoodSource: Allocate using new[] and set data pointer to a large buffer Sinks: loop BadSink : Copy string to data using a loop Flow Variant: 64 Data flow: void pointer to data passed f...

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using new[] and set data pointer to a small buffer GoodSource: Allocate using new[] and set data pointer to a large buffer Sinks: memcpy BadSink : Copy int array to data using memcpy Flow Variant: 33 Data flow: use of a C++ reference t...

CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: cat BadSink : Copy data to string using wcscat Flow Variant: 16 Control flow: while(1) and while(0)

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: loop BadSink : Copy string to data using a loop Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (within the ...

CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sinks: memcpy BadSink : Copy long long array to data using memcpy Flow Variant: 67 Data flow: data passed in a struct from one function to another in different ...