Displaying test cases 74701 - 74725 of 74755 in total
- This test case shows a double free in a local control flow complexity.
- CWE: 690 Unchecked return value is null, leading to a null pointer dereference. BadSource: getParameter_Servlet Set data to return of getParameter_Servlet GoodSource: Set data to fixed, non-null String Sinks: trim GoodSink: Check data for null before calling trim() BadSink : Call trim() on p...
- CWE: 690 Unchecked return value is null, leading to a null pointer dereference. BadSource: Properties_getProperty Set data to return of Properties.getProperty GoodSource: Set data to fixed, non-null String Sinks: equals GoodSink: Call equals() on string literal (that is not null) BadSink : C...
- CWE: 613 Insufficient Session Expiration Sinks: GoodSink: force session to expire BadSink : set session to never expire Flow Variant: 16 Control flow: while(true) and while(local_f)
- CWE: 338 Use of Cryptographically Weak PRNG Sinks: math GoodSink: stronger PRNG BadSink : weak PRNG Flow Variant: 17 Control flow: for loops
- CWE: 259 Hard Coded Password BadSource: hardcodedPassword Hardcoded password in String GoodSource: Password is read from stdin BadSink: driverManager password used in database connection Flow Variant: 01 Baseline
- CWE: 113 HTTP Response Splitting BadSource: fromFile Read data from file (named c:\data.txt) GoodSource: A hardcoded string Sinks: setHeaderServlet GoodSink: URLEncode input BadSink : querystring to setHeader() Flow Variant: 09 Control flow: if(IO.static_final_t) and if(IO.static_final_f)
- CWE: 680 Integer Overflow to Buffer Overflow BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Small number greater than zero that will not cause an integer overflow in the sink Sinks: BadSink : Attempt to allocate array using length value from source Flow ...
- CWE: 606 Unchecked Input For Loop Condition BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Input a number less than MAX_LOOP Sinks: GoodSink: Use data as the for loop variant after checking to see if it is less than MAX_LOOP BadSink : Use data as the for l...
- CWE: 590 Free of Invalid Pointer Not on the Heap BadSource: declare Data buffer is declared on the stack GoodSource: Allocate memory on the heap Sinks: BadSink : Print then free data Flow Variant: 31 Data flow using a copy of data within the same function
- CWE: 416 Use After Free BadSource: Allocate data using new, initialize memory block, and Deallocate data using delete GoodSource: Allocate data using new and initialize memory block Sinks: GoodSink: Do nothing BadSink : Use data after free() Flow Variant: 11 Control flow: if(global_returns...
- CWE: 401 Memory Leak BadSource: realloc Allocate data using realloc() GoodSource: Allocate data on the stack Sinks: GoodSink: call free() on data BadSink : no deallocation of data Flow Variant: 08 Control flow: if(static_returns_t()) and if(static_returns_f())
- CWE: 319 Plaintext Transmission of Sensitive Information BadSource: listen_socket Read the password using a listen socket (server side) GoodSource: Use a hardcoded password (one that was not sent over the network) Sink: BadSink : Authenticate the user using LogonUserA() Flow Variant: 01 Base...
- CWE: 195 Signed to Unsigned Conversion BadSource: listen_socket Read data using a listen socket (server side) GoodSource: Positive integer Sink: malloc BadSink : Allocate memory using malloc() with the size of data Flow Variant: 14 Control flow: if(global_five==5) and if(global_five!=5)
- CWE: 195 Signed to Unsigned Conversion BadSource: fscanf Read data from the console using fscanf() GoodSource: Positive integer Sinks: memcpy BadSink : Copy strings using memcpy() with the length of data Flow Variant: 66 Data flow: data passed in an array from one function to another in diff...
- CWE: 191 Integer Underflow BadSource: fixed Fixed value GoodSource: Greater than INT_MIN Sinks: GoodSink: Ensure there is no underflow before performing the subtraction BadSink : Subtract 1 from data Flow Variant: 06 Control flow: if(static_const_five==5) and if(static_const_five!=5)
- CWE: 15 External Control of System or Configuration Setting Sinks: GoodSink: Properly authenticate all requests to set the hostname BadSink : Set the hostname to data obtained from the network / external source Flow Variant: 07 Control flow: if(static_five==5) and if(static_five!=5)
- CWE: 131 Incorrect Calculation of Buffer Size BadSource: Allocate memory for a string, but do not allocate space for NULL terminator GoodSource: Allocate enough memory for a string and the NULL terminator Sink: ncpy BadSink : Copy string to data using wcsncpy() Flow Variant: 19 Control flow...
- CWE: 131 Incorrect Calculation of Buffer Size BadSource: Allocate memory for a string, but do not allocate space for NULL terminator GoodSource: Allocate enough memory for a string and the NULL terminator Sink: ncpy BadSink : Copy string to data using strncpy() Flow Variant: 16 Control flow...
- CWE: 124 Buffer Underwrite BadSource: Set data pointer to before the allocated memory buffer GoodSource: Set data pointer to the allocated memory buffer Sink: loop BadSink : Copy string to data using a loop Flow Variant: 11 Control flow: if(global_returns_t()) and if(global_returns_f())
- CWE: 122 Heap Based Buffer Overflow BadSource: Initialize data as a large string GoodSource: Initialize data as a small string Sinks: cat BadSink : Copy data to string using wcscat Flow Variant: 65 Data/control flow: data passed as an argument from one function to a function in a different ...
- CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memmove BadSink : Copy string to data using memmove Flow Variant: 53 Data flow: data passed as an argument from one function through two others to a fourt...
- CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memcpy BadSink : Copy long long array to data using memcpy Flow Variant: 13 Control flow: if(global_const_five==5) and if(global_const_five!=5)
- CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: memcpy BadSink : Copy int array to data using memcpy Flow Variant: 54 Data flow: data passed as an argument from one function through three others to a fi...
- CWE: 121 Stack Based Buffer Overflow BadSource: Set data pointer to the bad buffer GoodSource: Set data pointer to the good buffer Sink: cpy BadSink : Copy string to data using strcpy Flow Variant: 52 Data flow: data passed as an argument from one function to another to another in three dif...