CWE: 78 OS Command Injection BadSource: environment Read input from an environment variable GoodSource: Fixed string Sinks: w32spawnl BadSink : execute command with spawnl Flow Variant: 64 Data flow: void pointer to data passed from one function to another in different source files

CWE: 78 OS Command Injection BadSource: environment Read input from an environment variable GoodSource: Fixed string Sink: execlp BadSink : execute command with execlp Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)

CWE: 78 OS Command Injection BadSource: console Read input from the console GoodSource: Fixed string Sinks: w32_spawnvp BadSink : execute command with spawnvp Flow Variant: 62 Data flow: data flows using a C++ reference from one function to another in different source files

CWE: 78 OS Command Injection BadSource: console Read input from the console GoodSource: Fixed string Sink: w32_spawnv BadSink : execute command with spawnv Flow Variant: 52 Data flow: data passed as an argument from one function to another to another in three different source files

CWE: 78 OS Command Injection BadSource: console Read input from the console GoodSource: Fixed string Sink: w32_spawnv BadSink : execute command with spawnv Flow Variant: 51 Data flow: data passed as an argument from one function to another in different source files

CWE: 789 Uncontrolled Memory Allocation BadSource: fscanf Read data from the console using fscanf() GoodSource: Small number greater than zero Sinks: GoodSink: Allocate memory with new [] and check the size of the memory to be allocated BadSink : Allocate memory with new [], but incorrectly ...

CWE: 789 Uncontrolled Memory Allocation BadSource: rand Set data to result of rand(), which may be zero GoodSource: Small number greater than zero Sinks: GoodSink: Allocate memory with malloc() and check the size of the memory to be allocated BadSink : Allocate memory with malloc(), but inco...

CWE: 762 Mismatched Memory Management Routines BadSource: Allocate data using new GoodSource: Allocate data using malloc() Sinks: GoodSink: Deallocate data using delete BadSink : Deallocate data using free() Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 762 Mismatched Memory Management Routines BadSource: realloc Allocate data using realloc() GoodSource: Allocate data using new [] Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete [] Flow Variant: 81 Data flow: data passed in a parameter to an virtual...

CWE: 459 Incomplete Cleanup Sinks: GoodSink: Clean up properly BadSink : Dont unlink Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)

CWE: 415 Double Free BadSource: Allocate data using malloc() and Deallocate data using free() GoodSource: Allocate data using malloc() Sinks: GoodSink: do nothing BadSink : Deallocate data using free() Flow Variant: 17 Control flow: for loops

CWE: 401 Memory Leak BadSource: realloc Allocate data using realloc() GoodSource: Allocate data on the stack Sinks: GoodSink: call free() on data BadSink : no deallocation of data Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)

CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snwprintf with %s as the third argument and data as the fourth BadSink : snwprintf with data as the third argument Flow Variant: 68 Data flo...

CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snwprintf with %s as the third argument and data as the fourth BadSink : snwprintf with data as the third argument ...

CWE: 126 Buffer Over-read BadSource: Use a small buffer GoodSource: Use a large buffer Sinks: loop BadSink : Copy data to string using a loop Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (within the same function)

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize the source buffer using the size of a pointer GoodSource: Initialize the source buffer using the size of the DataElementType Sink: BadSink : Print then free data Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_C...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: ncat BadSink : Copy data to string using wcsncat Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (within the sam...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: ncat BadSink : Copy data to string using strncat Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sinks: snprintf BadSink : Copy string to data using snprintf Flow Variant: 44 Data/control flow: data pass...

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sinks: memmove BadSink : Copy string to data using memmove Flow Variant: 44 Data/control flow: data passed...

CWE: 122 Heap Based Buffer Overflow BadSource: large Large index value that is greater than 10-1 GoodSource: Larger than zero but less than 10 Sinks: GoodSink: Ensure the array index is valid BadSink : Improperly check the array index by not checking the upper bound Flow Variant: 04 Control...

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate memory without using sizeof(int) GoodSource: Allocate memory using sizeof(int) Sinks: memcpy BadSink : Copy array to data using memcpy() Flow Variant: 33 Data flow: use of a C++ reference to data within the same function

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using new[] and set data pointer to a small buffer GoodSource: Allocate using new[] and set data pointer to a large buffer Sink: snprintf BadSink : Copy string to data using snprintf Flow Variant: 53 Data flow: data passed as an argume...

CWE: 257 Storing passwords in a recoverable format BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: GoodSink: one-way hash instead of symmetric crypto BadSink : symmetric encryption with an easy key Flow Variant: 19 Control flow: De...

CWE: 401 Memory Leak BadSource: Allocate data using new[] GoodSource: Point data to a stack buffer Sinks: GoodSink: call delete[] on data BadSink : no deallocation of data Flow Variant: 53 Data flow: data passed as an argument from one function through two others to a fourth; all four func...