MS

Omitting a break statement so that one may fall through is often indistinguishable from an error, and therefore should not be used. (from TCCLASP-5_6_15_10)

Tainted input allows arbitrary files to be read and written.

Tainted input allows arbitrary files to be read and written. (fixed version)

Two file operations are performed on a filename, allowing a filename race condition to occur.

The credentials for connecting to the database are hard-wired into the sourcecode.

An exception leaks internal path information to the user.

An exception leaks internal path information to the user. (fixed version)

Tainted output allows log entries to be forged.

Tainted output allows log entries to be forged. (fixed version)

Tainted output allows log entries to be forged.

Tainted output allows log entries to be forged. (fixed version)

Memory resources are referenced indefinitely but never used, resulting in a memory leak.

Memory resources are referenced indefinitely but never used, resulting in a memory leak. (fixed version)

Tainted input allows command execution.

Tainted input allows command execution. (fixed version)

Tainted data spliced into a SQL query leads to a SQL injection issue.

Tainted data spliced into a SQL query leads to a SQL injection issue. (fixed version)

Tainted output allows cross-site scripting attack.

Tainted output allows cross-site scripting attack.

Tainted output allows cross-site scripting attack. (fixed version 2)

Test of tool to identify potential resource injection weakness in source code.

Test determines if a tool can identify a hardcoded password weakness in code.

Test of tool ability to identify an unchecked (unhandled) exception in Java.

Private Array-Typed field returned from a public method.

Test of tool\'s ability to identify an assignment of public data to to a private array field.