/* goodG2B() - use goodsource and badsink */
  /**
   * Good-source / bad-sink path of the CWE-80 (XSS) servlet test case.
   *
   * <p>The value handed to the sink is a fixed literal, so nothing derived from
   * {@code request} travels through the container on this path. The sink is implemented in
   * {@code CWE80_XSS__Servlet_getQueryStringServlet_67b} and is not visible here.
   *
   * @param request servlet request, forwarded unchanged to the sink
   * @param response servlet response, forwarded unchanged to the sink
   * @throws Throwable anything raised by the sink
   */
  private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    // Never used in this method; the lookup is retained as-is.
    java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

    // Good source: a constant rather than request-derived text.
    final String benign = "foo";

    final Container carrier = new Container();
    carrier.a = benign;

    final CWE80_XSS__Servlet_getQueryStringServlet_67b sinkOwner =
        new CWE80_XSS__Servlet_getQueryStringServlet_67b();
    sinkOwner.goodG2B_sink(carrier, request, response);
  }
  /* goodG2B() - use goodsource and badsink */
  /**
   * Good-source / bad-sink path of the CWE-643 (Unsafe Treatment of XPath Input) test case.
   *
   * <p>Only a fixed literal is placed in the container, so no externally supplied text can
   * reach whatever XPath handling the sink performs. The sink is implemented in
   * {@code CWE643_Unsafe_Treatment_of_XPath_Input__URLConnection_67b} and is not visible here.
   *
   * @throws Throwable anything raised by the sink
   */
  private void goodG2B() throws Throwable {
    // Never used in this method; the lookup is retained as-is.
    java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

    // Good source: a constant rather than data fetched from outside the program.
    final String benign = "foo";

    final Container carrier = new Container();
    carrier.a = benign;

    final CWE643_Unsafe_Treatment_of_XPath_Input__URLConnection_67b sinkOwner =
        new CWE643_Unsafe_Treatment_of_XPath_Input__URLConnection_67b();
    sinkOwner.goodG2B_sink(carrier);
  }
  /* goodG2B() - use goodsource and badsink */
  /**
   * Good-source / bad-sink path of the CWE-617 (Reachable Assertion) test case.
   *
   * <p>The container carries a fixed literal instead of an environment value, so the input
   * seen by the sink cannot be influenced from outside the program. The sink is implemented
   * in {@code CWE617_Reachable_Assertion__Environment_67b} and is not visible here.
   *
   * @throws Throwable anything raised by the sink
   */
  private void goodG2B() throws Throwable {
    // Never used in this method; the lookup is retained as-is.
    java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

    // Good source: a constant rather than an environment variable.
    final String benign = "foo";

    final Container carrier = new Container();
    carrier.a = benign;

    final CWE617_Reachable_Assertion__Environment_67b sinkOwner =
        new CWE617_Reachable_Assertion__Environment_67b();
    sinkOwner.goodG2B_sink(carrier);
  }
  /**
   * Bad-source path of the CWE-617 (Reachable Assertion) test case.
   *
   * <p>Source: the {@code ADD} environment variable. Its content is chosen by whoever
   * launches the process, and {@link System#getenv(String)} returns {@code null} when it is
   * unset. The value is forwarded without any validation; how it is used is defined in
   * {@code CWE617_Reachable_Assertion__Environment_67b}, which is not visible here.
   *
   * @throws Throwable anything raised by the sink
   */
  public void bad() throws Throwable {
    // Never used in this method; the lookup is retained as-is.
    Logger log_bad = Logger.getLogger("local-logger");

    // Tainted source: taken straight from the process environment, unchecked.
    final String fromEnvironment = System.getenv("ADD");

    final Container carrier = new Container();
    carrier.a = fromEnvironment;

    final CWE617_Reachable_Assertion__Environment_67b sinkOwner =
        new CWE617_Reachable_Assertion__Environment_67b();
    sinkOwner.bad_sink(carrier);
  }
  /* goodG2B() - use goodsource and badsink */
  /**
   * Good-source / bad-sink path of the CWE-369 (Divide By Zero) test case.
   *
   * <p>The container carries the constant {@code 2} instead of a value parsed from a
   * properties file, so the number seen by the sink is never zero on this path. The sink is
   * implemented in {@code CWE369_Divide_By_Zero__PropertiesFile_divide_67b} and is not
   * visible here.
   *
   * @throws Throwable anything raised by the sink
   */
  private void goodG2B() throws Throwable {
    // Never used in this method; the lookup is retained as-is.
    java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

    // Good source: a small non-zero constant chosen to avoid underflow, overflow,
    // divide-by-zero and loss-of-precision conditions.
    final int safeNumber = 2;

    final Container carrier = new Container();
    carrier.a = safeNumber;

    final CWE369_Divide_By_Zero__PropertiesFile_divide_67b sinkOwner =
        new CWE369_Divide_By_Zero__PropertiesFile_divide_67b();
    sinkOwner.goodG2B_sink(carrier);
  }
  /* goodG2B() - use goodsource and badsink */
  /**
   * Good-source / bad-sink path of the CWE-113 (HTTP Response Splitting) servlet test case.
   *
   * <p>The container carries a fixed literal with no CR or LF characters, so nothing fetched
   * from the network reaches the response through this path. The sink is implemented in
   * {@code CWE113_HTTP_Response_Splitting__URLConnection_sendRedirectServlet_67b} and is not
   * visible here.
   *
   * @param request servlet request, forwarded unchanged to the sink
   * @param response servlet response, forwarded unchanged to the sink
   * @throws Throwable anything raised by the sink
   */
  private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    // Never used in this method; the lookup is retained as-is.
    java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

    // Good source: a constant rather than text read from a URLConnection.
    final String benign = "foo";

    final Container carrier = new Container();
    carrier.a = benign;

    final CWE113_HTTP_Response_Splitting__URLConnection_sendRedirectServlet_67b sinkOwner =
        new CWE113_HTTP_Response_Splitting__URLConnection_sendRedirectServlet_67b();
    sinkOwner.goodG2B_sink(carrier, request, response);
  }
  /* goodG2B() - use goodsource and badsink */
  /**
   * Good-source / bad-sink path of the CWE-191 (Integer Underflow) test case.
   *
   * <p>The container carries the constant {@code 2} instead of a number parsed from a file,
   * so the operand seen by the sink is fixed on this path. The sink is implemented in
   * {@code CWE191_Integer_Underflow__fromFile_multiply_67b} and is not visible here.
   *
   * @throws Throwable anything raised by the sink
   */
  private void goodG2B() throws Throwable {
    // Never used in this method; the lookup is retained as-is.
    java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

    // Good source: a small constant chosen to avoid underflow, overflow,
    // divide-by-zero and loss-of-precision conditions.
    final int safeNumber = 2;

    final Container carrier = new Container();
    carrier.a = safeNumber;

    final CWE191_Integer_Underflow__fromFile_multiply_67b sinkOwner =
        new CWE191_Integer_Underflow__fromFile_multiply_67b();
    sinkOwner.goodG2B_sink(carrier);
  }
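  /**
   * Bad-source path of the CWE-191 (Integer Underflow) test case.
   *
   * <p>Source: the first line of {@code C:\name.txt}, parsed as an {@code int}. Any value in
   * the full {@code int} range can come out of the file, and it is forwarded to the sink with
   * no range check. That unchecked flow is the point of the test case and is left in place.
   * The sink is implemented in {@code CWE191_Integer_Underflow__fromFile_multiply_67b} and is
   * not visible here.
   *
   * <p>Incidental defects unrelated to the test's purpose are fixed: a buffer sized from the
   * file length was allocated and never used (a file-size-driven allocation that could fail
   * before any data was read), and an empty file made {@code readLine()} return {@code null},
   * which then raised an uncaught {@code NullPointerException}. On any read or parse failure
   * {@code data} keeps its initial value of {@code -1}.
   *
   * @throws Throwable anything raised by the sink
   */
  public void bad() throws Throwable {
    int data;

    Logger log_bad = Logger.getLogger("local-logger");

    /* init data */
    data = -1;

    File f = new File("C:\\name.txt");
    BufferedReader buffread = null;
    FileReader fread = null;
    try {
      /* read string from file into data */
      fread = new FileReader(f);
      buffread = new BufferedReader(fread);

      // Reads the first "line" of the file, which could be very long if the file
      // contains few or no newlines.
      String s_data = buffread.readLine();
      // readLine() returns null at end of stream (empty file); keep the default then.
      if (s_data != null) {
        data = Integer.parseInt(s_data.trim());
      }
    } catch (IOException ioe) {
      log_bad.warning("Error with stream reading");
    } catch (NumberFormatException nfe) {
      log_bad.warning("Error with number parsing");
    } finally {
      /* clean up stream reading objects */
      try {
        if (buffread != null) {
          buffread.close();
        }
      } catch (IOException ioe) {
        log_bad.warning("Error closing buffread");
      } finally {
        try {
          if (fread != null) {
            fread.close();
          }
        } catch (IOException ioe) {
          log_bad.warning("Error closing fread");
        }
      }
    }

    // The file-derived number is passed on unvalidated.
    Container data_container = new Container();
    data_container.a = data;
    (new CWE191_Integer_Underflow__fromFile_multiply_67b()).bad_sink(data_container);
  }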
  /**
   * Bad-source path of the CWE-113 (HTTP Response Splitting) servlet test case.
   *
   * <p>Source: the first line of the body returned by {@code http://www.example.org/}. The
   * fetch uses plain HTTP, so the text is controlled by the remote server and by anything
   * able to alter the traffic in transit. It is forwarded to the sink with no validation.
   * The sink is implemented in
   * {@code CWE113_HTTP_Response_Splitting__URLConnection_sendRedirectServlet_67b} and is not
   * visible here.
   *
   * @param request servlet request, forwarded unchanged to the sink
   * @param response servlet response, forwarded unchanged to the sink
   * @throws Throwable failures opening the connection, or anything raised by the sink
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    final Logger log = Logger.getLogger("local-logger");

    // Value used when the read fails before a line is obtained.
    String firstLine = "";

    final URL endpoint = new URL("http://www.example.org/");
    final URLConnection connection = endpoint.openConnection();
    InputStreamReader streamReader = null;
    BufferedReader lineReader = null;
    try {
      // Wrap the response body; decoding uses the reader's default charset.
      streamReader = new InputStreamReader(connection.getInputStream());
      lineReader = new BufferedReader(streamReader);

      // Only the first "line" is taken. Its length is unbounded when the body has no
      // newlines, and readLine() yields null for an empty body.
      firstLine = lineReader.readLine();
    } catch (IOException readFailure) {
      log.warning("Error with stream reading");
    } finally {
      // Close outermost reader first; each close failure is logged and does not stop
      // the next close attempt.
      try {
        if (lineReader != null) {
          lineReader.close();
        }
      } catch (IOException closeFailure) {
        log.warning("Error closing buffread");
      } finally {
        try {
          if (streamReader != null) {
            streamReader.close();
          }
        } catch (IOException closeFailure) {
          log.warning("Error closing instrread");
        }
      }
    }

    // The network-derived text is passed on unvalidated.
    final Container carrier = new Container();
    carrier.a = firstLine;

    final CWE113_HTTP_Response_Splitting__URLConnection_sendRedirectServlet_67b sinkOwner =
        new CWE113_HTTP_Response_Splitting__URLConnection_sendRedirectServlet_67b();
    sinkOwner.bad_sink(carrier, request, response);
  }
  /* goodB2G() - use badsource and goodsink */
  /**
   * Bad-source / good-sink path of the CWE-643 (Unsafe Treatment of XPath Input) test case.
   *
   * <p>Source: the first line of the body returned by {@code http://www.example.org/},
   * fetched over plain HTTP and therefore not trustworthy. This method does no validation
   * itself; on this path the protection is expected to come from {@code goodB2G_sink} in
   * {@code CWE643_Unsafe_Treatment_of_XPath_Input__URLConnection_67b}, which is not visible
   * here.
   *
   * @throws Throwable failures opening the connection, or anything raised by the sink
   */
  private void goodB2G() throws Throwable {
    final Logger log = Logger.getLogger("local-logger");

    // Value used when the read fails before a line is obtained.
    String firstLine = "";

    final URL endpoint = new URL("http://www.example.org/");
    final URLConnection connection = endpoint.openConnection();
    InputStreamReader streamReader = null;
    BufferedReader lineReader = null;
    try {
      // Wrap the response body; decoding uses the reader's default charset.
      streamReader = new InputStreamReader(connection.getInputStream());
      lineReader = new BufferedReader(streamReader);

      // Only the first "line" is taken. Its length is unbounded when the body has no
      // newlines, and readLine() yields null for an empty body.
      firstLine = lineReader.readLine();
    } catch (IOException readFailure) {
      log.warning("Error with stream reading");
    } finally {
      // Close outermost reader first; each close failure is logged and does not stop
      // the next close attempt.
      try {
        if (lineReader != null) {
          lineReader.close();
        }
      } catch (IOException closeFailure) {
        log.warning("Error closing buffread");
      } finally {
        try {
          if (streamReader != null) {
            streamReader.close();
          }
        } catch (IOException closeFailure) {
          log.warning("Error closing instrread");
        }
      }
    }

    // Untrusted text goes to the sink variant that is meant to handle it safely.
    final Container carrier = new Container();
    carrier.a = firstLine;

    final CWE643_Unsafe_Treatment_of_XPath_Input__URLConnection_67b sinkOwner =
        new CWE643_Unsafe_Treatment_of_XPath_Input__URLConnection_67b();
    sinkOwner.goodB2G_sink(carrier);
  }
  /* goodB2G() - use badsource and goodsink */
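  /**
   * Bad-source / good-sink path of the CWE-369 (Divide By Zero) test case.
   *
   * <p>Source: the {@code pid} property of {@code ../common/config.properties}, parsed as an
   * {@code int}. The file content is external input and may hold any number, including zero.
   * This method does no validation itself; on this path the protection is expected to come
   * from {@code goodB2G_sink} in {@code CWE369_Divide_By_Zero__PropertiesFile_divide_67b},
   * which is not visible here.
   *
   * <p>Incidental defects unrelated to the test's purpose are fixed: a missing {@code pid}
   * key made {@code getProperty} return {@code null}, which then raised an uncaught
   * {@code NullPointerException}, and the close-failure log message named the wrong stream.
   * On any read or parse failure {@code data} keeps its initial value of {@code -1}.
   *
   * @throws Throwable anything raised by the sink
   */
  private void goodB2G() throws Throwable {
    int data;

    Logger log_bad = Logger.getLogger("local-logger");

    /* init data */
    data = -1;

    /* retrieve the "pid" property */
    Properties props = new Properties();
    FileInputStream finstr = null;
    try {
      finstr = new FileInputStream("../common/config.properties");
      props.load(finstr);

      String s_data = props.getProperty("pid");
      // getProperty() returns null when the key is absent; keep the default then.
      if (s_data != null) {
        data = Integer.parseInt(s_data.trim());
      }
    } catch (IOException ioe) {
      log_bad.warning("Error with stream reading");
    } catch (NumberFormatException nfe) {
      log_bad.warning("Error with number parsing");
    } finally {
      /* clean up stream reading objects */
      try {
        if (finstr != null) {
          finstr.close();
        }
      } catch (IOException ioe) {
        log_bad.warning("Error closing finstr");
      }
    }

    // Untrusted number goes to the sink variant that is meant to handle it safely.
    Container data_container = new Container();
    data_container.a = data;
    (new CWE369_Divide_By_Zero__PropertiesFile_divide_67b()).goodB2G_sink(data_container);
  }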
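  /**
   * Bad-source path of the CWE-643 (Unsafe Treatment of XPath Input) test case, database
   * variant.
   *
   * <p>Source: the {@code name} column of the {@code users} row whose {@code id} is typed on
   * standard input. The lookup itself is parameterized ({@code id} is bound with
   * {@code setInt}), but the stored {@code name} is still data that originated outside this
   * program, and it is forwarded to the sink with no validation. That unchecked flow is the
   * point of the test case and is left in place. The sink is implemented in
   * {@code CWE643_Unsafe_Treatment_of_XPath_Input__fromDB_67b} and is not visible here.
   *
   * <p>Incidental defect fixed: the column was read without first advancing the cursor with
   * {@code ResultSet.next()}, so no row was ever available to read. When the query matches
   * no row, {@code data} now keeps its initial empty string.
   *
   * <p>NOTE(review): a non-numeric or missing input line makes {@code Integer.parseInt}
   * throw {@code NumberFormatException}, and database errors throw {@code SQLException};
   * neither is caught here, so both propagate to the caller. Closing {@code buffread} also
   * closes {@code System.in} for the rest of the process.
   *
   * @throws Throwable input-parsing or database failures, or anything raised by the sink
   */
  public void bad() throws Throwable {
    String data;

    Logger log_bad = Logger.getLogger("local-logger");

    data = ""; /* init data */

    Connection conn = null;
    PreparedStatement statement = null;
    ResultSet rs = null;
    BufferedReader buffread = null;
    InputStreamReader instrread = null;
    try {
      /* setup the connection */
      conn = IO.getDBConnection();

      /* prepare the query */
      statement = conn.prepareStatement("select name from users where id=?");

      /* get user input for the userid */
      IO.writeLine("Enter a userid to login as (number): ");
      instrread = new InputStreamReader(System.in);
      buffread = new BufferedReader(instrread);
      int num = Integer.parseInt(buffread.readLine());
      statement.setInt(1, num);
      rs = statement.executeQuery();

      // A fresh ResultSet is positioned before the first row; advance before reading.
      if (rs.next()) {
        data = rs.getString(1);
      }
    } catch (IOException ioe) {
      log_bad.warning("Error with stream reading");
    } finally {
      /* clean up stream reading objects */
      try {
        if (buffread != null) {
          buffread.close();
        }
      } catch (IOException ioe) {
        log_bad.warning("Error closing buffread");
      } finally {
        try {
          if (instrread != null) {
            instrread.close();
          }
        } catch (IOException ioe) {
          log_bad.warning("Error closing instrread");
        }
      }

      /* clean up database objects */
      try {
        if (rs != null) {
          rs.close();
        }
      } catch (SQLException se) {
        log_bad.warning("Error closing rs");
      } finally {
        try {
          if (statement != null) {
            statement.close();
          }
        } catch (SQLException se) {
          log_bad.warning("Error closing statement");
        } finally {
          try {
            if (conn != null) {
              conn.close();
            }
          } catch (SQLException se) {
            log_bad.warning("Error closing conn");
          }
        }
      }
    }

    // The database-derived text is passed on unvalidated.
    Container data_container = new Container();
    data_container.a = data;
    (new CWE643_Unsafe_Treatment_of_XPath_Input__fromDB_67b()).bad_sink(data_container);
  }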
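  /**
   * Bad-source path of the CWE-80 (XSS) servlet test case.
   *
   * <p>The {@code id} parameter is pulled out of the raw query string, parsed as an
   * {@code int}, and used in a parameterized lookup on the {@code pages} table. The string
   * built from that lookup is forwarded to the sink with no output encoding applied here.
   * That unchecked flow is the point of the test case and is left in place. The sink is
   * implemented in {@code CWE80_XSS__Servlet_getQueryStringServlet_67b} and is not visible
   * here.
   *
   * <p>Incidental defect fixed: {@code getQueryString()} returns {@code null} for a request
   * with no query string, which made the {@code StringTokenizer} constructor throw
   * {@code NullPointerException}. Such a request now skips the lookup and {@code data} stays
   * empty.
   *
   * <p>NOTE(review): the query string is split by hand and is not URL-decoded. A non-numeric
   * {@code id} makes {@code Integer.parseInt} throw {@code NumberFormatException}, which is
   * not caught here and propagates to the caller.
   *
   * @param request servlet request supplying the query string; also forwarded to the sink
   * @param response servlet response, forwarded unchanged to the sink
   * @throws Throwable parsing failures, or anything raised by the sink
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;

    Logger log_bad = Logger.getLogger("local-logger");
    data = "";

    /* parse the query string for value of 'id' */
    String id_str = null;
    String query = request.getQueryString();
    // No query string at all: nothing to parse, id_str stays null.
    if (query != null) {
      StringTokenizer st = new StringTokenizer(query, "&");
      while (st.hasMoreTokens()) {
        String token = st.nextToken();
        int i = token.indexOf("=");
        // Accept only "id=<non-empty value>"; the first match wins.
        if ((i > 0) && (i < (token.length() - 1)) && (token.substring(0, i).equals("id"))) {
          id_str = token.substring(i + 1);
          break;
        }
      }
    }

    if (id_str != null) {
      Connection conn = null;
      PreparedStatement statement = null;
      ResultSet rs = null;
      try {
        int id = Integer.parseInt(id_str);
        conn = IO.getDBConnection();
        statement = conn.prepareStatement("select * from pages where id=?");
        /* FLAW: no check to see whether the user has privileges to view the data */
        statement.setInt(1, id);
        rs = statement.executeQuery();
        // NOTE(review): this stores the ResultSet object's toString() value; no row is
        // fetched and no column is read. Confirm that is what the test case intends.
        data = rs.toString();
      } catch (SQLException se) {
        log_bad.warning("Error");
      } finally {
        /* clean up database objects */
        try {
          if (rs != null) {
            rs.close();
          }
        } catch (SQLException se) {
          log_bad.warning("Error closing rs");
        } finally {
          try {
            if (statement != null) {
              statement.close();
            }
          } catch (SQLException se) {
            log_bad.warning("Error closing statement");
          } finally {
            try {
              if (conn != null) {
                conn.close();
              }
            } catch (SQLException se) {
              log_bad.warning("Error closing conn");
            }
          }
        }
      }
    }

    // The looked-up text is passed on without encoding.
    Container data_container = new Container();
    data_container.a = data;
    (new CWE80_XSS__Servlet_getQueryStringServlet_67b())
        .bad_sink(data_container, request, response);
  }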