Assume all input is malicious. Use an appropriate combination of black lists and white lists to ensure only valid and expected input is processed by the system.

Assume all input is malicious. Use an appropriate combination of black lists and white lists to ensure only valid and expected input is processed by the system.

Allowing user input to control resource identifiers may enable an attacker to access or modify otherwise protected system resources.

Assume all input is malicious. Use an appropriate combination of black lists and white lists to ensure only valid and expected input is processed by the system.

Allowing user input to control resource identifiers may enable an attacker to access or modify otherwise protected system resources.

If a functions return value is not checked, it could have failed without any warning. (from TCCLASP-5_6_1_9)

Tempfile creation should be done in a safe way. To be safe, the temp file function should open up the temp file with appropriate access control. The temp file function should also retain this quality, while being resistant to race conditions. (from TCCLASP-5_6_20_10) (CWE 378)

Not using a random initialization vector with Cipher Block Chaining (CBC) Mode causes algorithms to be susceptible to dictionary attacks. (from TCCLASP-5_5_22_10-C). (CWE 329)

State synchronization refers to a set of flaws involving contradictory states of execution in a process which result in undefined behavior (from TCCLASP-5_4_1_10-C).

The test case shows a resource injection.

Null Dereference in a Index Alias complexity

Null Dereference in a Index Alias complexity

The pointer p is dereferenced even though the value is null.

The pointer p is dereferenced even though the value is null.

The pointer is dereferenced even though the value is null in the \'function\' call.

The pointer is dereferenced even though the value is null in the \'function\' call.

The pointer p is dereferenced even though the value is null.

The pointer p is dereferenced even though the value is null.

Throws and uncaught range check exception

Throws and uncaught range check exception

The test case has a SQL Injection weakness in a array index complexity source code.

The test case has a SQL Injection weakness in a array index complexity source code.

integer p is not initiated before its use in a for loop

integer p is not initiated before its use in a for loop

The test case has a SQL Injection weakness in a Scope complexity.