public void bad() throws Throwable {
int count;
if (privateFive == 5) {
count = Integer.MIN_VALUE; /* Initialize count */
/* get environment variable ADD */
/* POTENTIAL FLAW: Read count from an environment variable */
{
String stringNumber = System.getenv("ADD");
if (stringNumber != null) // avoid NPD incidental warnings
{
try {
count = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing count from string",
exceptNumberFormat);
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure count is inititialized before the Sink to avoid compiler errors */
count = 0;
}
if (privateFive == 5) {
/* POTENTIAL FLAW: Use count as the input to Thread.sleep() */
Thread.sleep(count);
}
}
public void action(int count) throws Throwable {
/* FIX: Validate count before using it in a call to Thread.sleep() */
if (count > 0 && count <= 2000) {
Thread.sleep(count);
}
}
public void bad() throws Throwable {
int count;
if (5 == 5) {
count = Integer.MIN_VALUE; /* Initialize count */
/* read input from URLConnection */
{
URLConnection urlConnection = (new URL("http://www.example.org/")).openConnection();
BufferedReader readerBuffered = null;
InputStreamReader readerInputStream = null;
try {
readerInputStream = new InputStreamReader(urlConnection.getInputStream(), "UTF-8");
readerBuffered = new BufferedReader(readerInputStream);
/* POTENTIAL FLAW: Read count from a web server with URLConnection */
/* This will be reading the first "line" of the response body,
* which could be very long if there are no newlines in the HTML */
String stringNumber = readerBuffered.readLine();
if (stringNumber != null) // avoid NPD incidental warnings
{
try {
count = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing count from string",
exceptNumberFormat);
}
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO);
} finally {
/* clean up stream reading objects */
try {
if (readerBuffered != null) {
readerBuffered.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO);
}
try {
if (readerInputStream != null) {
readerInputStream.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO);
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure count is inititialized before the Sink to avoid compiler errors */
count = 0;
}
if (5 == 5) {
/* POTENTIAL FLAW: Use count as the input to Thread.sleep() */
Thread.sleep(count);
}
}
/* goodB2G() - use badsource and goodsink */
public void goodB2GSink(int countArray[]) throws Throwable {
int count = countArray[2];
/* FIX: Validate count before using it in a call to Thread.sleep() */
if (count > 0 && count <= 2000) {
Thread.sleep(count);
}
}
/* goodB2G() - use BadSource and GoodSink */
public void goodB2GSink(Vector<Integer> countVector) throws Throwable {
int count = countVector.remove(2);
/* FIX: Validate count before using it in a call to Thread.sleep() */
if (count > 0 && count <= 2000) {
Thread.sleep(count);
}
}
private void goodB2GSink() throws Throwable {
int count = countGoodB2G;
/* FIX: Validate count before using it in a call to Thread.sleep() */
if (count > 0 && count <= 2000) {
Thread.sleep(count);
}
}
/* goodG2B() - use goodsource and badsink */
private void goodG2B() throws Throwable {
int count;
while (true) {
/* FIX: Use a hardcoded number that won't cause underflow, overflow, divide by zero, or loss-of-precision issues */
count = 2;
break;
}
while (true) {
/* POTENTIAL FLAW: Use count as the input to Thread.sleep() */
Thread.sleep(count);
break;
}
}
/* goodG2B2() - use goodsource and badsink by reversing statements in first if */
private void goodG2B2() throws Throwable {
int count;
if (privateReturnsTrue()) {
/* FIX: Use a hardcoded number that won't cause underflow, overflow, divide by zero, or loss-of-precision issues */
count = 2;
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure count is inititialized before the Sink to avoid compiler errors */
count = 0;
}
if (privateReturnsTrue()) {
/* POTENTIAL FLAW: Use count as the input to Thread.sleep() */
Thread.sleep(count);
}
}
/* goodB2G1() - use badsource and goodsink by changing second privateFive==5 to privateFive!=5 */
private void goodB2G1() throws Throwable {
int count;
if (privateFive == 5) {
count = Integer.MIN_VALUE; /* Initialize count */
/* get environment variable ADD */
/* POTENTIAL FLAW: Read count from an environment variable */
{
String stringNumber = System.getenv("ADD");
if (stringNumber != null) // avoid NPD incidental warnings
{
try {
count = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing count from string",
exceptNumberFormat);
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure count is inititialized before the Sink to avoid compiler errors */
count = 0;
}
if (privateFive != 5) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
IO.writeLine("Benign, fixed string");
} else {
/* FIX: Validate count before using it in a call to Thread.sleep() */
if (count > 0 && count <= 2000) {
Thread.sleep(count);
}
}
}
public void badSink(int countArray[]) throws Throwable {
int count = countArray[2];
/* POTENTIAL FLAW: Use count as the input to Thread.sleep() */
Thread.sleep(count);
}
public void bad() throws Throwable {
int count;
while (true) {
count = Integer.MIN_VALUE; /* Initialize count */
{
File file = new File("C:\\data.txt");
FileInputStream streamFileInput = null;
InputStreamReader readerInputStream = null;
BufferedReader readerBuffered = null;
try {
/* read string from file into count */
streamFileInput = new FileInputStream(file);
readerInputStream = new InputStreamReader(streamFileInput, "UTF-8");
readerBuffered = new BufferedReader(readerInputStream);
/* POTENTIAL FLAW: Read count from a file */
/* This will be reading the first "line" of the file, which
* could be very long if there are little or no newlines in the file */
String stringNumber = readerBuffered.readLine();
if (stringNumber != null) /* avoid NPD incidental warnings */ {
try {
count = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing count from string",
exceptNumberFormat);
}
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO);
} finally {
/* Close stream reading objects */
try {
if (readerBuffered != null) {
readerBuffered.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO);
}
try {
if (readerInputStream != null) {
readerInputStream.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO);
}
try {
if (streamFileInput != null) {
streamFileInput.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing FileInputStream", exceptIO);
}
}
}
break;
}
while (true) {
/* POTENTIAL FLAW: Use count as the input to Thread.sleep() */
Thread.sleep(count);
break;
}
}
public void bad() throws Throwable {
int count;
if (privateReturnsTrue()) {
count = Integer.MIN_VALUE; /* Initialize count */
{
ServerSocket listener = null;
Socket socket = null;
BufferedReader readerBuffered = null;
InputStreamReader readerInputStream = null;
/* Read data using a listening tcp connection */
try {
listener = new ServerSocket(39543);
socket = listener.accept();
/* read input from socket */
readerInputStream = new InputStreamReader(socket.getInputStream(), "UTF-8");
readerBuffered = new BufferedReader(readerInputStream);
/* POTENTIAL FLAW: Read count using a listening tcp connection */
String stringNumber = readerBuffered.readLine();
if (stringNumber != null) // avoid NPD incidental warnings
{
try {
count = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing count from string",
exceptNumberFormat);
}
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO);
} finally {
/* Close stream reading objects */
try {
if (readerBuffered != null) {
readerBuffered.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO);
}
try {
if (readerInputStream != null) {
readerInputStream.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO);
}
/* Close socket objects */
try {
if (socket != null) {
socket.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing Socket", exceptIO);
}
try {
if (listener != null) {
listener.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing ServerSocket", exceptIO);
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure count is inititialized before the Sink to avoid compiler errors */
count = 0;
}
if (privateReturnsTrue()) {
/* POTENTIAL FLAW: Use count as the input to Thread.sleep() */
Thread.sleep(count);
}
}
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */
private void goodB2G2() throws Throwable {
int count;
if (IO.STATIC_FINAL_TRUE) {
count = Integer.MIN_VALUE; /* Initialize count */
{
File file = new File("C:\\data.txt");
FileInputStream streamFileInput = null;
InputStreamReader readerInputStream = null;
BufferedReader readerBuffered = null;
try {
/* read string from file into count */
streamFileInput = new FileInputStream(file);
readerInputStream = new InputStreamReader(streamFileInput, "UTF-8");
readerBuffered = new BufferedReader(readerInputStream);
/* POTENTIAL FLAW: Read count from a file */
/* This will be reading the first "line" of the file, which
* could be very long if there are little or no newlines in the file */
String stringNumber = readerBuffered.readLine();
if (stringNumber != null) /* avoid NPD incidental warnings */ {
try {
count = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing count from string",
exceptNumberFormat);
}
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO);
} finally {
/* Close stream reading objects */
try {
if (readerBuffered != null) {
readerBuffered.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO);
}
try {
if (readerInputStream != null) {
readerInputStream.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO);
}
try {
if (streamFileInput != null) {
streamFileInput.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing FileInputStream", exceptIO);
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure count is inititialized before the Sink to avoid compiler errors */
count = 0;
}
if (IO.STATIC_FINAL_TRUE) {
/* FIX: Validate count before using it in a call to Thread.sleep() */
if (count > 0 && count <= 2000) {
Thread.sleep(count);
}
}
}
private void badSink() throws Throwable {
int count = countBad;
/* POTENTIAL FLAW: Use count as the input to Thread.sleep() */
Thread.sleep(count);
}
/* goodG2B() - use goodsource and badsink */
public void goodG2BSink(int count) throws Throwable {
/* POTENTIAL FLAW: Use count as the input to Thread.sleep() */
Thread.sleep(count);
}
/* goodG2B() - use GoodSource and BadSink */
public void goodG2BSink(Vector<Integer> countVector) throws Throwable {
int count = countVector.remove(2);
/* POTENTIAL FLAW: Use count as the input to Thread.sleep() */
Thread.sleep(count);
}
private void goodG2BSink() throws Throwable {
int count = countGoodG2B;
/* POTENTIAL FLAW: Use count as the input to Thread.sleep() */
Thread.sleep(count);
}