CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 15 Control flo...

CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 14 Control flo...

CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 13 Control flo...

CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 12 Control flo...

CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 11 Control flo...

CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 10 Control flo...

CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 09 Control flo...

CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 08 Control flo...

CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 07 Control flo...

CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 06 Control flo...

CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 05 Control flo...

CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 04 Control flo...

CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 03 Control flo...

CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 02 Control flo...

CWE: 565 Cookies used to make a security decision; in this case a cookie is used to tell whether someone has administrator privileges Sinks: cookieInSecurityDecisionServlet GoodSink: Uses isUserInRole() to authorize user BadSink : Uses the cookie to authorize user Flow Variant: 01 Baseline

CWE: 563 Unused Variable BadSource: Initialize data GoodSource: Initialize and use data Sinks: GoodSink: Use data BadSink : re-initialize and use data Flow Variant: 17 Control flow: for loops

CWE: 563 Unused Variable BadSource: Initialize data GoodSource: Initialize and use data Sinks: GoodSink: Use data BadSink : re-initialize and use data Flow Variant: 16 Control flow: while(true) and while(local_f)

CWE: 563 Unused Variable BadSource: Initialize data GoodSource: Initialize and use data Sinks: GoodSink: Use data BadSink : re-initialize and use data Flow Variant: 15 Control flow: switch(6) and switch(7)

CWE: 563 Unused Variable BadSource: Initialize data GoodSource: Initialize and use data Sinks: GoodSink: Use data BadSink : re-initialize and use data Flow Variant: 14 Control flow: if(IO.static_five==5) and if(IO.static_five!=5)

CWE: 563 Unused Variable BadSource: Initialize data GoodSource: Initialize and use data Sinks: GoodSink: Use data BadSink : re-initialize and use data Flow Variant: 13 Control flow: if(IO.static_final_five==5) and if(IO.static_final_five!=5)

CWE: 563 Unused Variable BadSource: Initialize data GoodSource: Initialize and use data Sinks: GoodSink: Use data BadSink : re-initialize and use data Flow Variant: 11 Control flow: if(IO.static_returns_t()) and if(IO.static_returns_f())

CWE: 563 Unused Variable BadSource: Initialize data GoodSource: Initialize and use data Sinks: GoodSink: Use data BadSink : re-initialize and use data Flow Variant: 10 Control flow: if(IO.static_t) and if(IO.static_f)

CWE: 563 Unused Variable BadSource: Initialize data GoodSource: Initialize and use data Sinks: GoodSink: Use data BadSink : re-initialize and use data Flow Variant: 09 Control flow: if(IO.static_final_t) and if(IO.static_final_f)

CWE: 563 Unused Variable BadSource: Initialize data GoodSource: Initialize and use data Sinks: GoodSink: Use data BadSink : re-initialize and use data Flow Variant: 08 Control flow: if(private_returns_t()) and if(private_returns_f())

CWE: 563 Unused Variable BadSource: Initialize data GoodSource: Initialize and use data Sinks: GoodSink: Use data BadSink : re-initialize and use data Flow Variant: 07 Control flow: if(private_five==5) and if(private_five!=5)