CWE: 78 OS Command Injection BadSource: file Read input from a file GoodSource: Fixed string Sink: w32_execvp BadSink : execute command with execvp Flow Variant: 16 Control flow: while(1)

CWE: 78 OS Command Injection BadSource: file Read input from a file GoodSource: Fixed string Sinks: system BadSink : Execute command in data using system() Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (within the same function)

CWE: 78 OS Command Injection BadSource: environment Read input from an environment variable GoodSource: Fixed string Sinks: w32spawnl BadSink : execute command with spawnl Flow Variant: 64 Data flow: void pointer to data passed from one function to another in different source files

CWE: 78 OS Command Injection BadSource: console Read input from the console GoodSource: Fixed string Sinks: w32_spawnvp BadSink : execute command with spawnvp Flow Variant: 62 Data flow: data flows using a C++ reference from one function to another in different source files

CWE: 789 Uncontrolled Memory Allocation BadSource: rand Set data to result of rand(), which may be zero GoodSource: Small number greater than zero Sinks: GoodSink: Allocate memory with malloc() and check the size of the memory to be allocated BadSink : Allocate memory with malloc(), but inco...

CWE: 762 Mismatched Memory Management Routines BadSource: Allocate data using new GoodSource: Allocate data using malloc() Sinks: GoodSink: Deallocate data using delete BadSink : Deallocate data using free() Flow Variant: 04 Control flow: if(STATIC_CONST_TRUE) and if(STATIC_CONST_FALSE)

CWE: 762 Mismatched Memory Management Routines BadSource: Allocate data using new GoodSource: Allocate data using malloc() Sinks: GoodSink: Deallocate data using delete BadSink : Deallocate data using free() Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 762 Mismatched Memory Management Routines BadSource: Allocate data using new [] GoodSource: Allocate data using malloc() Sinks: GoodSink: Deallocate data using delete [] BadSink : Deallocate data using free() Flow Variant: 81 Data flow: data passed in a parameter to an virtual method ...

CWE: 762 Mismatched Memory Management Routines BadSource: calloc Allocate data using calloc() GoodSource: Allocate data using new Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete Flow Variant: 32 Data flow using two pointers to the same value within the s...

CWE: 762 Mismatched Memory Management Routines BadSource: realloc Allocate data using realloc() GoodSource: Allocate data using new Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_CONS...

CWE: 762 Mismatched Memory Management Routines BadSource: calloc Allocate data using calloc() GoodSource: Allocate data using new [] Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete [] Flow Variant: 33 Data flow: use of a C++ reference to data within the ...

CWE: 762 Mismatched Memory Management Routines BadSource: calloc Allocate data using calloc() GoodSource: Allocate data using new [] Sinks: GoodSink: Deallocate data using free() BadSink : Deallocate data using delete [] Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)

CWE: 459 Incomplete Cleanup Sinks: GoodSink: Clean up properly BadSink : Dont unlink Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)

CWE: 415 Double Free BadSource: Allocate data using malloc() and Deallocate data using free() GoodSource: Allocate data using malloc() Sinks: GoodSink: do nothing BadSink : Deallocate data using free() Flow Variant: 17 Control flow: for loops

CWE: 401 Memory Leak BadSource: realloc Allocate data using realloc() GoodSource: Allocate data on the stack Sinks: GoodSink: call free() on data BadSink : no deallocation of data Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)

CWE: 195 Signed to Unsigned Conversion Error BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Positive integer Sinks: malloc BadSink : Allocate memory using malloc() with the size of data Flow Variant: 73 Data flow: data passed in a list from one function ...

CWE: 134 Uncontrolled Format String BadSource: console Read input from the console GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snwprintf with %s as the third argument and data as the fourth BadSink : snwprintf with data as the third argument Flow Variant: 68 Data flo...

CWE: 134 Uncontrolled Format String BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Copy a fixed string into data Sinks: snprintf GoodSink: snwprintf with %s as the third argument and data as the fourth BadSink : snwprintf with data as the third argument ...

CWE: 126 Buffer Over-read BadSource: Use a small buffer GoodSource: Use a large buffer Sinks: loop BadSink : Copy data to string using a loop Flow Variant: 34 Data flow: use of a union containing two methods of accessing the same data (within the same function)

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize the source buffer using the size of a pointer GoodSource: Initialize the source buffer using the size of the DataElementType Sink: BadSink : Print then free data Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_C...

CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sink: ncat BadSink : Copy data to string using strncat Flow Variant: 02 Control flow: if(1) and if(0)

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sinks: snprintf BadSink : Copy string to data using snprintf Flow Variant: 44 Data/control flow: data pass...

CWE: 122 Heap Based Buffer Overflow BadSource: Allocate using malloc() and set data pointer to a small buffer GoodSource: Allocate using malloc() and set data pointer to a large buffer Sink: loop BadSink : Copy string to data using a loop Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE=...

CWE: 257 Storing passwords in a recoverable format BadSource: console_readLine Read data from the console using readLine GoodSource: A hardcoded string Sinks: GoodSink: one-way hash instead of symmetric crypto BadSink : symmetric encryption with an easy key Flow Variant: 19 Control flow: De...

CWE: 401 Memory Leak BadSource: Allocate data using new[] GoodSource: Point data to a stack buffer Sinks: GoodSink: call delete[] on data BadSink : no deallocation of data Flow Variant: 53 Data flow: data passed as an argument from one function through two others to a fourth; all four func...