Displaying test cases 74501 - 74525 of 74755 in total
- CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: loop BadSink : Copy data to string using a loop Flow Variant: 17 Control flow: for loops
- CWE: 127 Buffer Under-read BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: memcpy BadSink : Copy data to string using memcpy Flow Variant: 31 Data flow using a copy of data within the same function
- CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sinks: loop BadSink : Copy string to data using a loop Flow Variant: 33 Data flow: use of a C++ reference to data within the same function
- CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: memmove BadSink : Copy string to data using memmove Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())
- CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: cpy BadSink : Copy string to data using strcpy Flow Variant: 04 Control flow: if(STATIC_CONST_TRUE) and if(STATIC_CONST_FALSE)
- CWE: 122 Heap Based Buffer Overflow BadSource: Initialize the source buffer using the size of a pointer GoodSource: Initialize the source buffer using the size of the DataElementType Sinks: BadSink : Print then free data Flow Variant: 34 Data flow: use of a union containing two methods of a...
- CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sink: cpy BadSink : Copy string to data using strcpy Flow Variant: 11 Control flow: if(globalReturnsTrue()...
- CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: snprintf BadSink : Copy data to string using snprintf Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_CONST_FIVE!=5)
- CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sinks: ncpy BadSink : Copy string to data using wcsncpy Flow Variant: 34 Data flow: use of a union contain...
- CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sinks: loop BadSink : Copy string to data using a loop Flow Variant: 43 Data flow: data flows using a C++ ...
- CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sink: loop BadSink : Copy twoIntsStruct array to data using a loop Flow Variant: 42 Data flow: data return...
- CWE: 83 Cross Site Scripting (XSS) in attributes; Examples(replace QUOTE with an actual double quote): ?img_loc=http://www.google.comQUOTE%20onerror=QUOTEalert(1) and ?img_loc=http://www.google.comQUOTE%20onerror=QUOTEjavascript:alert(1) BadSource: fromFile Read data from file (named c:\data.txt...
- CWE: 617 Assertion is reachable BadSource: getQueryStringServlet Parse id param out of the querystring without getParam GoodSource: A hardcoded string BadSink: possibility of assertion being triggered Flow Variant: 01 Baseline
- CWE: 762 Mismatched Memory Management Routines BadSource: calloc Allocate data using calloc() GoodSource: Allocate data using new Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete Flow Variant: 11 Control flow: if(global_returns_t()) and if(global_returns_...
- CWE: 534 Information Leak Through Debug Log Files Sinks: GoodSink: Write to the log, but do not write the password BadSink : Write to the log and include the password Flow Variant: 09 Control flow: if(global_const_t) and if(global_const_f)
- CWE: 476 NULL Pointer Dereference BadSource: Set data to NULL GoodSource: Initialize data Sink: BadSink : Print data Flow Variant: 12 Control flow: if(global_returns_t_or_f())
- CWE: 401 Memory Leak BadSource: Allocate data using new GoodSource: Allocate data on the stack Sinks: GoodSink: call delete on data BadSink : no deallocation of data Flow Variant: 16 Control flow: while(1) and while(0)
- CWE: 390 Detection of Error Condition Without Action Sinks: putchar GoodSink: Check if putwchar() failed and handle errors properly BadSink : Check to see if putwchar() failed, but do nothing about it Flow Variant: 08 Control flow: if(static_returns_t()) and if(static_returns_f())
- CWE: 36 Absolute Path Traversal BadSource: fromFile Read input from a file GoodSource: Full path and file name Sink: w32CreateFile BadSink : Flow Variant: 02 Control flow: if(1) and if(0)
- CWE: 36 Absolute Path Traversal BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Full path and file name Sink: open BadSink : Flow Variant: 04 Control flow: if(static_const_t) and if(static_const_f)
- CWE: 195 Signed to Unsigned Conversion BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Positive integer Sink: strncpy BadSink : Copy strings using strncpy() with the length of data Flow Variant: 11 Control flow: if(global_returns_t()) and if(global_return...
- CWE: 129 Improper Validation of Array Index BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Larger than zero but less than 10 Sinks: wchar_t GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound...
- CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: ncpy BadSink : Copy data to string using strncpy Flow Variant: 42 Data flow: data returned from one function to another in the same source file
- CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using new[] and set data pointer to a small buffer GoodSource: Allocate using new[] and set data pointer to a large buffer Sink: memmove BadSink : Copy long long array to data using memmove Flow Variant: 13 Control flow: if(global_cons...
- CWE: 121 Stack Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: ncat BadSink : Copy data to string using wcsncat Flow Variant: 67 Data flow: data passed in a struct from one function to another in different source files