/* goodG2B() - use goodsource and badsink by changing the "if" so that
both branches use the GoodSource */
private void goodG2B() throws Throwable {
String data;
if (IO.static_returns_t_or_f()) {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
} else {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
}
/* POTENTIAL FLAW: unvalidated or sandboxed value */
File fIn = new File(data);
if (fIn.exists() && fIn.isFile()) {
IO.writeLine(new BufferedReader(new FileReader(fIn)).readLine());
}
}
/* uses badsource and badsink - see how tools report flaws that don't always occur */
public void bad() throws Throwable {
String data;
if (IO.static_returns_t_or_f()) {
Logger log_bad = Logger.getLogger("local-logger");
data = ""; /* init data */
Connection conn = null;
PreparedStatement statement = null;
ResultSet rs = null;
BufferedReader buffread = null;
InputStreamReader instrread = null;
try {
/* setup the connection */
conn = IO.getDBConnection();
/* prepare the query */
statement = conn.prepareStatement("select name from users where id=?");
/* get user input for the userid */
IO.writeLine("Enter a userid to login as (number): ");
instrread = new InputStreamReader(System.in);
buffread = new BufferedReader(instrread);
int num = Integer.parseInt(buffread.readLine());
statement.setInt(1, num);
rs = statement.executeQuery();
data = rs.getString(1);
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} finally {
/* clean up stream reading objects */
try {
if (buffread != null) {
buffread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
} finally {
try {
if (instrread != null) {
instrread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing instrread");
}
}
/* clean up database objects */
try {
if (rs != null) {
rs.close();
}
} catch (SQLException se) {
log_bad.warning("Error closing rs");
} finally {
try {
if (statement != null) {
statement.close();
}
} catch (SQLException se) {
log_bad.warning("Error closing statement");
} finally {
try {
if (conn != null) {
conn.close();
}
} catch (SQLException se) {
log_bad.warning("Error closing conn");
}
}
}
}
} else {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
}
String root = "C:\\uploads\\";
/* POTENTIAL FLAW: no validation of concatenated value */
File fIn = new File(root + data);
if (fIn.exists() && fIn.isFile()) {
IO.writeLine(new BufferedReader(new FileReader(fIn)).readLine());
}
}
public void bad() throws Throwable {
if (IO.static_returns_t_or_f()) {
java.util.logging.Logger log_bs = java.util.logging.Logger.getLogger("local-logger");
Socket sock = null;
PrintWriter out = null;
try {
sock = new Socket("remote_host", 1337);
out = new PrintWriter(sock.getOutputStream(), true);
/* FLAW: sending over an unencrypted (non-SSL) channel */
out.println("plaintext send");
} catch (Exception ex) {
IO.writeLine("Error writing to the socket");
} finally {
try {
if (out != null) {
out.close();
}
} catch (Exception e) {
log_bs.warning("Error closing out");
}
try {
if (sock != null) {
sock.close();
}
} catch (Exception e) {
log_bs.warning("Error closing sock");
}
}
} else {
java.util.logging.Logger log_gs = java.util.logging.Logger.getLogger("local-logger");
OutputStream outStream = null;
BufferedWriter bWriter = null;
OutputStreamWriter outStreamWriter = null;
SSLSocketFactory sslssocketfactory = null;
SSLSocket sslsocket = null;
try {
sslssocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
sslsocket = (SSLSocket) sslssocketfactory.createSocket("remote_host", 1337);
outStream = sslsocket.getOutputStream();
outStreamWriter = new OutputStreamWriter(outStream);
bWriter = new BufferedWriter(outStreamWriter);
/* FIX: sending over an SSL encrypted channel */
bWriter.write("encrypted send");
bWriter.flush();
} catch (Exception ex) {
IO.writeLine("Error writing to the socket");
} finally {
try {
if (bWriter != null) {
bWriter.close();
}
} catch (IOException e) {
log_gs.warning("Error closing bWriter");
} finally {
try {
if (outStreamWriter != null) {
outStreamWriter.close();
}
} catch (IOException e) {
log_gs.warning("Error closing outStreamWriter");
}
}
try {
if (sslsocket != null) {
sslsocket.close();
}
} catch (Exception e) {
log_gs.warning("Error closing sslsocket");
}
}
}
}
/* uses badsource and badsink - see how tools report flaws that don't always occur */
public void bad() throws Throwable {
String data;
if (IO.static_returns_t_or_f()) {
Logger log_bad = Logger.getLogger("local-logger");
data = ""; /* init data */
/* Read data using a listening tcp connection */
ServerSocket listener = null;
Socket sock = null;
BufferedReader buffread = null;
InputStreamReader instrread = null;
try {
/* read input from socket */
listener = new ServerSocket(39543);
sock = listener.accept();
instrread = new InputStreamReader(sock.getInputStream());
buffread = new BufferedReader(instrread);
data = buffread.readLine();
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} finally {
/* clean up stream reading objects */
try {
if (buffread != null) {
buffread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
} finally {
try {
if (instrread != null) {
instrread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing instrread");
}
}
/* clean up socket objects */
try {
if (sock != null) {
sock.close();
}
} catch (IOException e) {
log_bad.warning("Error closing sock");
} finally {
try {
if (listener != null) {
listener.close();
}
} catch (IOException e) {
log_bad.warning("Error closing listener");
}
}
}
} else {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
}
/* POTENTIAL FLAW: unvalidated or sandboxed value */
File fIn = new File(data);
if (fIn.exists() && fIn.isFile()) {
IO.writeLine(new BufferedReader(new FileReader(fIn)).readLine());
}
}
