CWE: 470 Unsafe Reflection BadSource: Environment Read a string from an environment variable GoodSource: Hardcoded class to load Sinks: GoodSink: instantiate only certain fixed classes BadSink : instantiate arbitrary class Flow Variant: 13 Control flow: if(IO.static_final_five==5) and if(IO...

CWE: 470 Unsafe Reflection BadSource: Environment Read a string from an environment variable GoodSource: Hardcoded class to load Sinks: GoodSink: instantiate only certain fixed classes BadSink : instantiate arbitrary class Flow Variant: 12 Control flow: if(IO.static_returns_t_or_f())

CWE: 470 Unsafe Reflection BadSource: Environment Read a string from an environment variable GoodSource: Hardcoded class to load Sinks: GoodSink: instantiate only certain fixed classes BadSink : instantiate arbitrary class Flow Variant: 11 Control flow: if(IO.static_returns_t()) and if(IO.s...

CWE: 470 Unsafe Reflection BadSource: Environment Read a string from an environment variable GoodSource: Hardcoded class to load Sinks: GoodSink: instantiate only certain fixed classes BadSink : instantiate arbitrary class Flow Variant: 10 Control flow: if(IO.static_t) and if(IO.static_f)

CWE: 470 Unsafe Reflection BadSource: Environment Read a string from an environment variable GoodSource: Hardcoded class to load Sinks: GoodSink: instantiate only certain fixed classes BadSink : instantiate arbitrary class Flow Variant: 09 Control flow: if(IO.static_final_t) and if(IO.stati...

CWE: 470 Unsafe Reflection BadSource: Environment Read a string from an environment variable GoodSource: Hardcoded class to load Sinks: GoodSink: instantiate only certain fixed classes BadSink : instantiate arbitrary class Flow Variant: 08 Control flow: if(private_returns_t()) and if(privat...

CWE: 470 Unsafe Reflection BadSource: Environment Read a string from an environment variable GoodSource: Hardcoded class to load Sinks: GoodSink: instantiate only certain fixed classes BadSink : instantiate arbitrary class Flow Variant: 07 Control flow: if(private_five==5) and if(private_fi...

CWE: 470 Unsafe Reflection BadSource: Environment Read a string from an environment variable GoodSource: Hardcoded class to load Sinks: GoodSink: instantiate only certain fixed classes BadSink : instantiate arbitrary class Flow Variant: 06 Control flow: if(private_final_five==5) and if(priv...

CWE: 470 Unsafe Reflection BadSource: Environment Read a string from an environment variable GoodSource: Hardcoded class to load Sinks: GoodSink: instantiate only certain fixed classes BadSink : instantiate arbitrary class Flow Variant: 05 Control flow: if(private_t) and if(private_f)

CWE: 470 Unsafe Reflection BadSource: Environment Read a string from an environment variable GoodSource: Hardcoded class to load Sinks: GoodSink: instantiate only certain fixed classes BadSink : instantiate arbitrary class Flow Variant: 04 Control flow: if(private_final_t) and if(private_fi...

CWE: 470 Unsafe Reflection BadSource: Environment Read a string from an environment variable GoodSource: Hardcoded class to load Sinks: GoodSink: instantiate only certain fixed classes BadSink : instantiate arbitrary class Flow Variant: 03 Control flow: if(5==5) and if(5!=5)

CWE: 470 Unsafe Reflection BadSource: Environment Read a string from an environment variable GoodSource: Hardcoded class to load Sinks: GoodSink: instantiate only certain fixed classes BadSink : instantiate arbitrary class Flow Variant: 02 Control flow: if(true) and if(false)

CWE: 470 Unsafe Reflection BadSource: Environment Read a string from an environment variable GoodSource: Hardcoded class to load Sinks: GoodSink: instantiate only certain fixed classes BadSink : instantiate arbitrary class Flow Variant: 01 Baseline

good checks for lock status before acting on shared resource.

bad does not check lock status before acting on shared resource.

Improper Resource Shutdown. Performs some, but not all, necessary resource cleanup (DB connection is not closed).

Improper Resource Shutdown. Performs some, but not all, necessary resource cleanup (InputStreamReader is not closed).

Improper Resource Shutdown. Performs some, but not all, necessary resource cleanup (FileReader is not closed).

CWE: 400 Resource Exhaustion Sinks: uploadDiskServlet GoodSink: restricted upload size BadSink : no restriction on upload size Flow Variant: 19 Control flow: Dead code after an if(true) return

CWE: 400 Resource Exhaustion Sinks: uploadDiskServlet GoodSink: restricted upload size BadSink : no restriction on upload size Flow Variant: 17 Control flow: for loops

CWE: 400 Resource Exhaustion Sinks: uploadDiskServlet GoodSink: restricted upload size BadSink : no restriction on upload size Flow Variant: 16 Control flow: while(true) and while(local_f)

CWE: 400 Resource Exhaustion Sinks: uploadDiskServlet GoodSink: restricted upload size BadSink : no restriction on upload size Flow Variant: 15 Control flow: switch(7)

CWE: 400 Resource Exhaustion Sinks: uploadDiskServlet GoodSink: restricted upload size BadSink : no restriction on upload size Flow Variant: 14 Control flow: if(IO.static_five==5) and if(IO.static_five!=5)

CWE: 400 Resource Exhaustion Sinks: uploadDiskServlet GoodSink: restricted upload size BadSink : no restriction on upload size Flow Variant: 13 Control flow: if(IO.static_final_five==5) and if(IO.static_final_five!=5)

CWE: 400 Resource Exhaustion Sinks: uploadDiskServlet GoodSink: restricted upload size BadSink : no restriction on upload size Flow Variant: 12 Control flow: if(IO.static_returns_t_or_f())