Create FUNDING.yml

.github/FUNDING.yml

@@ -0,0 +1,15 @@
+# These are supported funding model platforms
+
+github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+patreon: haga # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+polar: # Replace with a single Polar username
+buy_me_a_coffee: # Replace with a single Buy Me a Coffee username
+thanks_dev: # Replace with a single thanks.dev username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

CWE-665/src/cwe665_improper_initialization.c

@@ -0,0 +1,28 @@
+/*
+Common Weakness Enumeration 665 improper initialization
+*/
+#include <stdio.h>
+#include <string.h> /*strcat();*/
+int main() {
+    /*
+    This might seem innocent enough, but str was not initialized, so it contains random memory.
+    As a result, str[0] might not contain the null terminator, so the copy might start at an offset other than 0.
+    The consequences can vary, depending on the underlying memory.
+
+    If a null terminator is found before str[8], then some bytes of random garbage will be printed before the "hello world" string.
+    The memory might contain sensitive information from previous uses, such as a password (which might occur as a result of CWE-14 or CWE-244).
+    In this example, it might not be a big deal,
+    but consider what could happen if large amounts of memory are printed out before the null terminator is found.
+
+    If a null terminator isn't found before str[8], then a buffer overflow could occur,
+    since strcat will first look for the null terminator, then copy 12 bytes starting with that location.
+    Alternately, a buffer over-read might occur (CWE-126) if a null terminator isn't found before the end of the memory segment is reached,
+    leading to a segmentation fault and crash.
+    */
+    char string[11];
+    strcat(string, "hello world");
+    printf("%s\n", string);
+
+    scanf("%s", string);
+    printf("%s\n", string);
+}

CWE-665/src/uninitialize_array_index.c

@@ -0,0 +1,6 @@
+#include <stdio.h>
+int main() {
+    int uninitialized_index;
+    int array[3] = {0,1,2};
+    printf("%d\n", array[uninitialized_index]);
+}

README.md

@@ -1,5 +1,6 @@
-# SEEWE
-Examples that illustrate the different code vulnerabilities according to CWE.
+https://chat.deepseek.com/a/chat/s/2f0fc091-5fd0-4e15-a7be-e0d1116ab71f  
+https://cwe.mitre.org/data/definitions/665.html  
+https://www.google.com/search?q=Resource+Acquisition+Is+Initialization+in+c&sca_esv=219388647f983b16&sxsrf=AE3TifPRmUqrSUmompc7jy606FtnFHYfvw%3A1759176038350&ei=ZuXaaI2MFeaQseMP_5GU0Qg&ved=0ahUKEwiN1_O24f6PAxVmSGwGHf8IJYoQ4dUDCBE&uact=5&oq=Resource+Acquisition+Is+Initialization+in+c&gs_lp=Egxnd3Mtd2l6LXNlcnAiK1Jlc291cmNlIEFjcXVpc2l0aW9uIElzIEluaXRpYWxpemF0aW9uIGluIGMyBhAAGBYYHjIGEAAYFhgeMgYQABgWGB4yBhAAGBYYHjIIEAAYgAQYogRIwSVQywVYwB1wAXgBkAEAmAFpoAG3A6oBAzQuMbgBA8gBAPgBAZgCBqACzAPCAgoQABiwAxjWBBhHwgINEAAYgAQYsAMYQxiKBcICBRAAGIAEwgILEAAYgAQYhgMYigXCAgUQABjvBZgDAIgGAZAGCpIHAzUuMaAH9h-yBwM0LjG4B8YDwgcFMC41LjHIBw4&sclient=gws-wiz-serp  
 
 - [CWE-20](CWE-20) (Improper Input Validation)
 - [CWE-119](CWE-119) (Improper restriction of operations within the bounds of a memory buffer)
@@ -20,4 +21,4 @@ Examples that illustrate the different code vulnerabilities according to CWE.
 - [CWE-457](CWE-457) (Use of uninitialized variable)
 - [CWE-476](CWE-476) (Null pointer dereference)
 - [CWE-665](CWE-665) (Improper initialization)
-- [CWE-787](CWE-787) (Out-of-bounds Write - TBD)
+- [CWE-787](CWE-787) (Out-of-bounds Write - TBD)