/* goodG2B() - use goodsource and badsink */
private void goodG2B() throws Throwable {
String data;
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
/* POTENTIAL FLAW: value of "name" taken directly from an untrusted source and inserted into a command string executed against a SQL interpreter */
Boolean bResult =
sqlstatement.execute(
"insert into users (status) values ('updated') where name='" + data + "'");
if (bResult) {
IO.writeString("Name, " + data + ", updated successfully");
} else {
IO.writeString("Unable to update records for user: "******"Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
/* goodG2B() - use goodsource and badsink */
private void goodG2B() throws Throwable {
String data_copy;
{
String data;
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
data_copy = data;
}
{
String data = data_copy;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
ResultSet sqlrs = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
/* POTENTIAL FLAW: take user input and place into dynamic sql query */
sqlrs = sqlstatement.executeQuery("select * from users where name='" + data + "'");
IO.writeString(sqlrs.toString());
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlrs != null) {
sqlrs.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlrs");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
}
}
private void goodB2G() throws Throwable {
String data = goodB2G_source();
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
PreparedStatement sqlstatement = null;
try {
/* FIX: use prepared sqlstatements */
conn_tmp2 = IO.getDBConnection();
sqlstatement =
conn_tmp2.prepareStatement("insert into users (status) values ('updated') where name=?");
sqlstatement.setString(1, data);
Boolean bResult = sqlstatement.execute();
if (bResult) {
IO.writeString("Name, " + data + ", updated successfully");
} else {
IO.writeString("Unable to update records for user: "******"Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
/* goodB2G() - use badsource and goodsink */
public void goodB2G_sink(String data_array[]) throws Throwable {
String data = data_array[2];
String names[] = data.split("-");
int iSuccess = 0;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
PreparedStatement sqlstatement = null;
try {
/* FIX: use prepared sqlstatement */
conn_tmp2 = IO.getDBConnection();
sqlstatement =
conn_tmp2.prepareStatement("update users set hitcount=hitcount+1 where name=?");
for (int i = 0; i < names.length; ++i) {
sqlstatement.setString(1, names[i]);
sqlstatement.addBatch();
}
int dbResults[] = sqlstatement.executeBatch();
for (int i = 0; i < names.length; ++i) {
if (dbResults[i] > 0) {
iSuccess++;
}
}
IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
/* good1() changes IO.staticReturnsTrue() to IO.staticReturnsFalse() */
private void good1() throws Throwable {
if (IO.staticReturnsFalse()) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
IO.writeLine("Benign, fixed string");
} else {
BufferedReader readerBuffered = null;
InputStreamReader readerInputStream = null;
try {
readerInputStream = new InputStreamReader(System.in, "UTF-8");
readerBuffered = new BufferedReader(readerInputStream);
double num = 0;
IO.writeString("Enter double number (1e-50): ");
try {
num = Double.parseDouble(readerBuffered.readLine());
} catch (NumberFormatException exceptionNumberFormat) {
IO.writeLine("Error parsing number");
}
/* FIX: check for conversion error */
if (num > Float.MAX_VALUE || num < Float.MIN_VALUE) {
IO.writeLine("Error, cannot safely cast this number to a float!");
return;
}
IO.writeLine("" + (float) num);
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO);
} finally {
try {
if (readerBuffered != null) {
readerBuffered.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO);
}
try {
if (readerInputStream != null) {
readerInputStream.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO);
}
}
}
}
/* goodG2B() - use goodsource and badsink */
public void goodG2B_sink(String data_array[]) throws Throwable {
String data = data_array[2];
String names[] = data.split("-");
int iSuccess = 0;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
for (int i = 0; i < names.length; ++i) {
/* POTENTIAL FLAW: take user input and place into dynamic sql query */
sqlstatement.addBatch("update users set hitcount=hitcount+1 where name='" + names[i] + "'");
}
int dbResults[] = sqlstatement.executeBatch();
for (int i = 0; i < names.length; ++i) {
if (dbResults[i] > 0) {
iSuccess++;
}
}
IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
/* goodB2G() - use badsource and goodsink */
public void goodB2G_sink(String data, HttpServletRequest request, HttpServletResponse response)
throws Throwable {
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
PreparedStatement sqlstatement = null;
ResultSet sqlrs = null;
try {
/* FIX: use prepared sqlstatement */
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.prepareStatement("select * from users where name=?");
sqlstatement.setString(1, data);
sqlrs = sqlstatement.executeQuery();
IO.writeString(sqlrs.toString());
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlrs != null) {
sqlrs.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlrs");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
}
/* goodG2B() - use goodsource and badsink */
public void goodG2B_sink(String data, HttpServletRequest request, HttpServletResponse response)
throws Throwable {
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
ResultSet sqlrs = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
/* POTENTIAL FLAW: take user input and place into dynamic sql query */
sqlrs = sqlstatement.executeQuery("select * from users where name='" + data + "'");
IO.writeString(sqlrs.toString());
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlrs != null) {
sqlrs.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlrs");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
}
private void buildXmlPropertiesFile() {
System.out.println(
"\nBuilding and checking your pipeline properties file -> " + truncPipePropFile);
StringBuilder toPrint = new StringBuilder();
// walk through the prop file
String[] prop = IO.loadFileIntoStringArray(truncPipePropFile);
Pattern val = Pattern.compile("(<entry key.+>)([D|A|B].*)</entry>");
boolean missingFile = false;
for (String s : prop) {
// does it match a file needing prepending? Data/, Apps/, Bed/
Matcher mat = val.matcher(s);
if (mat.matches()) {
File test = new File(referenceDir, mat.group(2));
if (test.exists()) {
System.out.println("Found\t" + test);
toPrint.append(mat.group(1));
toPrint.append(test.toString());
toPrint.append("</entry>");
} else {
System.out.println("Misssing\t" + test);
missingFile = true;
}
}
// threads?
else if (s.contains("threads"))
toPrint.append("<entry key=\"threads\">" + threads + "</entry>");
// nope just save it and add a line return
else toPrint.append(s);
toPrint.append("\n");
}
// anything missing? if so exit
if (missingFile)
Misc.printErrAndExit(
"\nFailed to find all of the files in your properties file, see above.\n");
// OK, write it out
completePipelinePropFile = new File(outputDirectory, "pipelineProperties.xml");
if (IO.writeString(toPrint.toString(), completePipelinePropFile) == false)
Misc.printErrAndExit("Problem writing -> " + truncPipePropFile);
}
public void bad() throws Throwable {
for (int j = 0; j < 1; j++) {
BufferedReader readerBuffered = null;
InputStreamReader readerInputStream = null;
try {
/* Enter: 1e-50, result should be 0.0 (for bad case)
*
* Note: alternate input
* 999999999999999999999999999999999999999999999999999999999999999
*/
readerInputStream = new InputStreamReader(System.in, "UTF-8");
readerBuffered = new BufferedReader(readerInputStream);
double doubleNumber = 0;
IO.writeString("Enter double number (1e-50): ");
try {
doubleNumber = Double.parseDouble(readerBuffered.readLine());
} catch (NumberFormatException exceptionNumberFormat) {
IO.writeLine("Error parsing number");
}
/* FLAW: should not cast without checking if conversion is safe */
IO.writeLine("" + (float) doubleNumber);
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO);
} finally {
try {
if (readerBuffered != null) {
readerBuffered.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO);
}
try {
if (readerInputStream != null) {
readerInputStream.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO);
}
}
}
}
/* good1() use the GoodSinkBody in the for statement */
private void good1() throws Throwable {
for (int k = 0; k < 1; k++) {
BufferedReader readerBuffered = null;
InputStreamReader readerInputStream = null;
try {
readerInputStream = new InputStreamReader(System.in, "UTF-8");
readerBuffered = new BufferedReader(readerInputStream);
double num = 0;
IO.writeString("Enter double number (1e-50): ");
try {
num = Double.parseDouble(readerBuffered.readLine());
} catch (NumberFormatException exceptionNumberFormat) {
IO.writeLine("Error parsing number");
}
/* FIX: check for conversion error */
if (num > Float.MAX_VALUE || num < Float.MIN_VALUE) {
IO.writeLine("Error, cannot safely cast this number to a float!");
return;
}
IO.writeLine("" + (float) num);
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO);
} finally {
try {
if (readerBuffered != null) {
readerBuffered.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO);
}
try {
if (readerInputStream != null) {
readerInputStream.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO);
}
}
}
}
private void executePipelineJob() {
String[] cmd = null;
try {
// write out tempTemplate
File template = new File(outputDirectory, "pipelineTemplate.xml");
if (IO.writeString(xmlTemplate, template) == false)
Misc.printErrAndExit("Problem writing -> " + template);
// build and execute cmd
cmd =
new String[] {
"java",
"-jar",
"-Xmx2G",
pJar.getCanonicalPath(),
"-props",
completePipelinePropFile.getCanonicalPath(),
template.getCanonicalPath()
};
String stringCmd = Misc.stringArrayToString(cmd, " ");
System.out.println("\nExecuting:\n" + stringCmd);
System.out.println("\nPipelineOutput:");
String[] out = IO.executeViaProcessBuilder(cmd, true);
// check output for possible errors
for (String line : out) {
String lcLine = line.toLowerCase();
// watch out for cases where error is mentioned in a warning output line.
if (lcLine.contains("error") && lcLine.startsWith("warning") == false)
Misc.printErrAndExit(
"\n\nERROR found in Pipeline.jar output, see above. Aborting!\n" + line);
}
} catch (Exception e) {
e.printStackTrace();
Misc.printErrAndExit("ERROR: executing " + Misc.stringArrayToString(cmd, " "));
}
}
/* goodB2G() - use badsource and goodsink */
public void goodB2G_sink(Object data_obj) throws Throwable {
String data = (String) data_obj;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
PreparedStatement sqlstatement = null;
try {
/* FIX: use prepared sqlstatement */
conn_tmp2 = IO.getDBConnection();
sqlstatement =
conn_tmp2.prepareStatement("insert into users (status) values ('updated') where name=?");
sqlstatement.setString(1, data);
int iResult = sqlstatement.executeUpdate();
IO.writeString("Updated " + iResult + " rows successfully.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
/* goodG2B() - use goodsource and badsink */
public void goodG2B_sink(Object data_obj) throws Throwable {
String data = (String) data_obj;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
/* POTENTIAL FLAW: place user input into dynamic sql query */
int iResult =
sqlstatement.executeUpdate(
"insert into users (status) values ('updated') where name='" + data + "'");
IO.writeString("Updated " + iResult + " rows successfully.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */
private void goodB2G2() throws Throwable {
String data;
/* INCIDENTAL: CWE 571 Statement is Always True */
if (IO.static_t) {
Logger log_bad = Logger.getLogger("local-logger");
data = ""; /* init data */
File f = new File("C:\\data.txt");
BufferedReader buffread = null;
FileReader fread = null;
try {
/* read string from file into data */
fread = new FileReader(f);
buffread = new BufferedReader(fread);
data = buffread.readLine(); // This will be reading the first "line" of the file, which
// could be very long if there are little or no newlines in the file\
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} catch (NumberFormatException nfe) {
log_bad.warning("Error with number parsing");
} finally {
/* clean up stream reading objects */
try {
if (buffread != null) {
buffread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
} finally {
try {
if (fread != null) {
fread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing fread");
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
}
/* INCIDENTAL: CWE 571 Statement is Always True */
if (IO.static_t) {
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
PreparedStatement sqlstatement = null;
try {
/* FIX: use prepared sqlstatements */
conn_tmp2 = IO.getDBConnection();
sqlstatement =
conn_tmp2.prepareStatement(
"insert into users (status) values ('updated') where name=?");
sqlstatement.setString(1, data);
Boolean bResult = sqlstatement.execute();
if (bResult) {
IO.writeString("Name, " + data + ", updated successfully");
} else {
IO.writeString("Unable to update records for user: "******"Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
/* POTENTIAL FLAW: value of "name" taken directly from an untrusted source and inserted into a command string executed against a SQL interpreter */
Boolean bResult =
sqlstatement.execute(
"insert into users (status) values ('updated') where name='" + data + "'");
if (bResult) {
IO.writeString("Name, " + data + ", updated successfully");
} else {
IO.writeString("Unable to update records for user: "******"Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
}
public void bad() throws Throwable {
String data;
if (IO.static_returns_t_or_f()) {
Logger log_bad = Logger.getLogger("local-logger");
data = ""; /* init data */
/* Read data using a listening tcp connection */
ServerSocket listener = null;
Socket sock = null;
BufferedReader buffread = null;
InputStreamReader instrread = null;
try {
/* read input from socket */
listener = new ServerSocket(39543);
sock = listener.accept();
instrread = new InputStreamReader(sock.getInputStream());
buffread = new BufferedReader(instrread);
data = buffread.readLine();
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} finally {
/* clean up stream reading objects */
try {
if (buffread != null) {
buffread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
} finally {
try {
if (instrread != null) {
instrread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing instrread");
}
}
/* clean up socket objects */
try {
if (sock != null) {
sock.close();
}
} catch (IOException e) {
log_bad.warning("Error closing sock");
} finally {
try {
if (listener != null) {
listener.close();
}
} catch (IOException e) {
log_bad.warning("Error closing listener");
}
}
}
} else {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
}
if (IO.static_returns_t_or_f()) {
String names[] = data.split("-");
int iSuccess = 0;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
for (int i = 0; i < names.length; ++i) {
/* POTENTIAL FLAW: take user input and place into dynamic sql query */
sqlstatement.addBatch(
"update users set hitcount=hitcount+1 where name='" + names[i] + "'");
}
int dbResults[] = sqlstatement.executeBatch();
for (int i = 0; i < names.length; ++i) {
if (dbResults[i] > 0) {
iSuccess++;
}
}
IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
} else {
String names[] = data.split("-");
int iSuccess = 0;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
PreparedStatement sqlstatement = null;
try {
/* FIX: use prepared sqlstatement */
conn_tmp2 = IO.getDBConnection();
sqlstatement =
conn_tmp2.prepareStatement("update users set hitcount=hitcount+1 where name=?");
for (int i = 0; i < names.length; ++i) {
sqlstatement.setString(1, names[i]);
sqlstatement.addBatch();
}
int dbResults[] = sqlstatement.executeBatch();
for (int i = 0; i < names.length; ++i) {
if (dbResults[i] > 0) {
iSuccess++;
}
}
IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
}
/* goodG2B() - use goodsource and badsink by changing the first "if" so that
both branches use the GoodSource */
private void goodG2B() throws Throwable {
String data;
if (IO.static_returns_t_or_f()) {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
} else {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
}
if (IO.static_returns_t_or_f()) {
String names[] = data.split("-");
int iSuccess = 0;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
for (int i = 0; i < names.length; ++i) {
/* POTENTIAL FLAW: take user input and place into dynamic sql query */
sqlstatement.addBatch(
"update users set hitcount=hitcount+1 where name='" + names[i] + "'");
}
int dbResults[] = sqlstatement.executeBatch();
for (int i = 0; i < names.length; ++i) {
if (dbResults[i] > 0) {
iSuccess++;
}
}
IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
} else {
String names[] = data.split("-");
int iSuccess = 0;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
for (int i = 0; i < names.length; ++i) {
/* POTENTIAL FLAW: take user input and place into dynamic sql query */
sqlstatement.addBatch(
"update users set hitcount=hitcount+1 where name='" + names[i] + "'");
}
int dbResults[] = sqlstatement.executeBatch();
for (int i = 0; i < names.length; ++i) {
if (dbResults[i] > 0) {
iSuccess++;
}
}
IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
}
/* goodB2G2() - use badsource and goodsink by reversing the blocks in the second switch */
private void goodB2G2() throws Throwable {
String data;
switch (6) {
case 6:
{
Logger log_bad = Logger.getLogger("local-logger");
data = ""; /* init data */
File f = new File("C:\\data.txt");
BufferedReader buffread = null;
FileReader fread = null;
try {
/* read string from file into data */
fread = new FileReader(f);
buffread = new BufferedReader(fread);
data = buffread.readLine(); // This will be reading the first "line" of the file, which
// could be very long if there are little or no newlines in the file\
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} catch (NumberFormatException nfe) {
log_bad.warning("Error with number parsing");
} finally {
/* clean up stream reading objects */
try {
if (buffread != null) {
buffread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
} finally {
try {
if (fread != null) {
fread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing fread");
}
}
}
}
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
{
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
}
break;
}
switch (7) {
case 7:
{
String names[] = data.split("-");
int iSuccess = 0;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
PreparedStatement sqlstatement = null;
try {
/* FIX: use prepared sqlstatement */
conn_tmp2 = IO.getDBConnection();
sqlstatement =
conn_tmp2.prepareStatement("update users set hitcount=hitcount+1 where name=?");
for (int i = 0; i < names.length; ++i) {
sqlstatement.setString(1, names[i]);
sqlstatement.addBatch();
}
int dbResults[] = sqlstatement.executeBatch();
for (int i = 0; i < names.length; ++i) {
if (dbResults[i] > 0) {
iSuccess++;
}
}
IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
{
String names[] = data.split("-");
int iSuccess = 0;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
for (int i = 0; i < names.length; ++i) {
/* POTENTIAL FLAW: take user input and place into dynamic sql query */
sqlstatement.addBatch(
"update users set hitcount=hitcount+1 where name='" + names[i] + "'");
}
int dbResults[] = sqlstatement.executeBatch();
for (int i = 0; i < names.length; ++i) {
if (dbResults[i] > 0) {
iSuccess++;
}
}
IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
break;
}
}
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */
private void goodB2G2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
/* INCIDENTAL: CWE 571 Statement is Always True */
if (private_final_five == 5) {
Logger log_bad = Logger.getLogger("local-logger");
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
data = cookieSources[0].getValue();
} else {
data = null;
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
}
/* INCIDENTAL: CWE 571 Statement is Always True */
if (private_final_five == 5) {
String names[] = data.split("-");
int iSuccess = 0;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
PreparedStatement sqlstatement = null;
try {
/* FIX: use prepared sqlstatement */
conn_tmp2 = IO.getDBConnection();
sqlstatement =
conn_tmp2.prepareStatement("update users set hitcount=hitcount+1 where name=?");
for (int i = 0; i < names.length; ++i) {
sqlstatement.setString(1, names[i]);
sqlstatement.addBatch();
}
int dbResults[] = sqlstatement.executeBatch();
for (int i = 0; i < names.length; ++i) {
if (dbResults[i] > 0) {
iSuccess++;
}
}
IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
String names[] = data.split("-");
int iSuccess = 0;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
for (int i = 0; i < names.length; ++i) {
/* POTENTIAL FLAW: take user input and place into dynamic sql query */
sqlstatement.addBatch(
"update users set hitcount=hitcount+1 where name='" + names[i] + "'");
}
int dbResults[] = sqlstatement.executeBatch();
for (int i = 0; i < names.length; ++i) {
if (dbResults[i] > 0) {
iSuccess++;
}
}
IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
}
public void bad() throws Throwable {
String data_copy;
{
String data;
Logger log_bad = Logger.getLogger("local-logger");
data = ""; /* init data */
/* read user input from console with readLine*/
BufferedReader buffread = null;
InputStreamReader instrread = null;
try {
instrread = new InputStreamReader(System.in);
buffread = new BufferedReader(instrread);
data = buffread.readLine();
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} finally {
/* clean up stream reading objects */
try {
if (buffread != null) {
buffread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
} finally {
try {
if (instrread != null) {
instrread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing instrread");
}
}
}
data_copy = data;
}
{
String data = data_copy;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
ResultSet sqlrs = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
/* POTENTIAL FLAW: take user input and place into dynamic sql query */
sqlrs = sqlstatement.executeQuery("select * from users where name='" + data + "'");
IO.writeString(sqlrs.toString());
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlrs != null) {
sqlrs.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlrs");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
}
}
/* goodB2G() - use badsource and goodsink */
private void goodB2G() throws Throwable {
String data_copy;
{
String data;
Logger log_bad = Logger.getLogger("local-logger");
data = ""; /* init data */
/* read user input from console with readLine*/
BufferedReader buffread = null;
InputStreamReader instrread = null;
try {
instrread = new InputStreamReader(System.in);
buffread = new BufferedReader(instrread);
data = buffread.readLine();
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} finally {
/* clean up stream reading objects */
try {
if (buffread != null) {
buffread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
} finally {
try {
if (instrread != null) {
instrread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing instrread");
}
}
}
data_copy = data;
}
{
String data = data_copy;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
PreparedStatement sqlstatement = null;
ResultSet sqlrs = null;
try {
/* FIX: use prepared sqlstatement */
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.prepareStatement("select * from users where name=?");
sqlstatement.setString(1, data);
sqlrs = sqlstatement.executeQuery();
IO.writeString(sqlrs.toString());
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlrs != null) {
sqlrs.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlrs");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
}
}
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */
private void goodB2G2() throws Throwable {
String data;
/* INCIDENTAL: CWE 571 Statement is Always True */
if (private_t) {
Logger log_bad = Logger.getLogger("local-logger");
/* get environment variable ADD */
data = System.getenv("ADD");
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
}
/* INCIDENTAL: CWE 571 Statement is Always True */
if (private_t) {
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
PreparedStatement sqlstatement = null;
ResultSet sqlrs = null;
try {
/* FIX: use prepared sqlstatement */
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.prepareStatement("select * from users where name=?");
sqlstatement.setString(1, data);
sqlrs = sqlstatement.executeQuery();
IO.writeString(sqlrs.toString());
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlrs != null) {
sqlrs.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlrs");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
ResultSet sqlrs = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
/* POTENTIAL FLAW: take user input and place into dynamic sql query */
sqlrs = sqlstatement.executeQuery("select * from users where name='" + data + "'");
IO.writeString(sqlrs.toString());
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlrs != null) {
sqlrs.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlrs");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
}
}
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */
private void goodB2G2() throws Throwable {
String data;
/* INCIDENTAL: CWE 571 Statement is Always True */
if (private_t) {
Logger log_bad = Logger.getLogger("local-logger");
data = ""; /* init data */
URLConnection conn = (new URL("http://www.example.org/")).openConnection();
BufferedReader buffread = null;
InputStreamReader instrread = null;
try {
/* read input from URLConnection */
instrread = new InputStreamReader(conn.getInputStream());
buffread = new BufferedReader(instrread);
data = buffread.readLine(); // This will be reading the first "line" of the response body,
// which could be very long if there are no newlines in the HTML
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} finally {
/* clean up stream reading objects */
try {
if (buffread != null) {
buffread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
} finally {
try {
if (instrread != null) {
instrread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing instrread");
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
}
/* INCIDENTAL: CWE 571 Statement is Always True */
if (private_t) {
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
PreparedStatement sqlstatement = null;
ResultSet sqlrs = null;
try {
/* FIX: use prepared sqlstatement */
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.prepareStatement("select * from users where name=?");
sqlstatement.setString(1, data);
sqlrs = sqlstatement.executeQuery();
IO.writeString(sqlrs.toString());
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlrs != null) {
sqlrs.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlrs");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
ResultSet sqlrs = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
/* POTENTIAL FLAW: take user input and place into dynamic sql query */
sqlrs = sqlstatement.executeQuery("select * from users where name='" + data + "'");
IO.writeString(sqlrs.toString());
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlrs != null) {
sqlrs.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlrs");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
}
}
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */
private void goodB2G2() throws Throwable {
String data;
if (IO.static_returns_t()) {
Logger log_bad = Logger.getLogger("local-logger");
data = ""; /* init data */
URLConnection conn = (new URL("http://www.example.org/")).openConnection();
BufferedReader buffread = null;
InputStreamReader instrread = null;
try {
/* read input from URLConnection */
instrread = new InputStreamReader(conn.getInputStream());
buffread = new BufferedReader(instrread);
data = buffread.readLine(); // This will be reading the first "line" of the response body,
// which could be very long if there are no newlines in the HTML
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} finally {
/* clean up stream reading objects */
try {
if (buffread != null) {
buffread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
} finally {
try {
if (instrread != null) {
instrread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing instrread");
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
}
if (IO.static_returns_t()) {
String names[] = data.split("-");
int iSuccess = 0;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
PreparedStatement sqlstatement = null;
try {
/* FIX: use prepared sqlstatement */
conn_tmp2 = IO.getDBConnection();
sqlstatement =
conn_tmp2.prepareStatement("update users set hitcount=hitcount+1 where name=?");
for (int i = 0; i < names.length; ++i) {
sqlstatement.setString(1, names[i]);
sqlstatement.addBatch();
}
int dbResults[] = sqlstatement.executeBatch();
for (int i = 0; i < names.length; ++i) {
if (dbResults[i] > 0) {
iSuccess++;
}
}
IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
String names[] = data.split("-");
int iSuccess = 0;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
for (int i = 0; i < names.length; ++i) {
/* POTENTIAL FLAW: take user input and place into dynamic sql query */
sqlstatement.addBatch(
"update users set hitcount=hitcount+1 where name='" + names[i] + "'");
}
int dbResults[] = sqlstatement.executeBatch();
for (int i = 0; i < names.length; ++i) {
if (dbResults[i] > 0) {
iSuccess++;
}
}
IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
}
/* goodB2G1() - use badsource and goodsink by changing second IO.static_final_t to IO.static_final_f */
private void goodB2G1() throws Throwable {
String data;
/* INCIDENTAL: CWE 571 Statement is Always True */
if (IO.static_final_t) {
Logger log_bad = Logger.getLogger("local-logger");
data = ""; /* init data */
URLConnection conn = (new URL("http://www.example.org/")).openConnection();
BufferedReader buffread = null;
InputStreamReader instrread = null;
try {
/* read input from URLConnection */
instrread = new InputStreamReader(conn.getInputStream());
buffread = new BufferedReader(instrread);
data = buffread.readLine(); // This will be reading the first "line" of the response body,
// which could be very long if there are no newlines in the HTML
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} finally {
/* clean up stream reading objects */
try {
if (buffread != null) {
buffread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
} finally {
try {
if (instrread != null) {
instrread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing instrread");
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
}
/* INCIDENTAL: CWE 570 Statement is Always False */
if (IO.static_final_f) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
/* POTENTIAL FLAW: value of "name" taken directly from an untrusted source and inserted into a command string executed against a SQL interpreter */
Boolean bResult =
sqlstatement.execute(
"insert into users (status) values ('updated') where name='" + data + "'");
if (bResult) {
IO.writeString("Name, " + data + ", updated successfully");
} else {
IO.writeString("Unable to update records for user: "******"Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
} else {
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
PreparedStatement sqlstatement = null;
try {
/* FIX: use prepared sqlstatements */
conn_tmp2 = IO.getDBConnection();
sqlstatement =
conn_tmp2.prepareStatement(
"insert into users (status) values ('updated') where name=?");
sqlstatement.setString(1, data);
Boolean bResult = sqlstatement.execute();
if (bResult) {
IO.writeString("Name, " + data + ", updated successfully");
} else {
IO.writeString("Unable to update records for user: "******"Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
}
public void bad() throws Throwable {
String data;
Logger log_bad = Logger.getLogger("local-logger");
data = ""; /* init data */
Connection conn = null;
PreparedStatement statement = null;
ResultSet rs = null;
BufferedReader buffread = null;
InputStreamReader instrread = null;
try {
/* setup the connection */
conn = IO.getDBConnection();
/* prepare the query */
statement = conn.prepareStatement("select name from users where id=?");
/* get user input for the userid */
IO.writeLine("Enter a userid to login as (number): ");
instrread = new InputStreamReader(System.in);
buffread = new BufferedReader(instrread);
int num = Integer.parseInt(buffread.readLine());
statement.setInt(1, num);
rs = statement.executeQuery();
data = rs.getString(1);
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} finally {
/* clean up stream reading objects */
try {
if (buffread != null) {
buffread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
} finally {
try {
if (instrread != null) {
instrread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing instrread");
}
}
/* clean up database objects */
try {
if (rs != null) {
rs.close();
}
} catch (SQLException se) {
log_bad.warning("Error closing rs");
} finally {
try {
if (statement != null) {
statement.close();
}
} catch (SQLException se) {
log_bad.warning("Error closing statement");
} finally {
try {
if (conn != null) {
conn.close();
}
} catch (SQLException se) {
log_bad.warning("Error closing conn");
}
}
}
}
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
/* POTENTIAL FLAW: value of "name" taken directly from an untrusted source and inserted into a command string executed against a SQL interpreter */
Boolean bResult =
sqlstatement.execute(
"insert into users (status) values ('updated') where name='" + data + "'");
if (bResult) {
IO.writeString("Name, " + data + ", updated successfully");
} else {
IO.writeString("Unable to update records for user: "******"Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */
private void goodB2G2() throws Throwable {
String data;
if (IO.static_returns_t()) {
Logger log_bad = Logger.getLogger("local-logger");
data = ""; /* init data */
/* Read data using a listening tcp connection */
ServerSocket listener = null;
Socket sock = null;
BufferedReader buffread = null;
InputStreamReader instrread = null;
try {
/* read input from socket */
listener = new ServerSocket(39543);
sock = listener.accept();
instrread = new InputStreamReader(sock.getInputStream());
buffread = new BufferedReader(instrread);
data = buffread.readLine();
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} finally {
/* clean up stream reading objects */
try {
if (buffread != null) {
buffread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
} finally {
try {
if (instrread != null) {
instrread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing instrread");
}
}
/* clean up socket objects */
try {
if (sock != null) {
sock.close();
}
} catch (IOException e) {
log_bad.warning("Error closing sock");
} finally {
try {
if (listener != null) {
listener.close();
}
} catch (IOException e) {
log_bad.warning("Error closing listener");
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
}
if (IO.static_returns_t()) {
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
PreparedStatement sqlstatement = null;
try {
/* FIX: use prepared sqlstatements */
conn_tmp2 = IO.getDBConnection();
sqlstatement =
conn_tmp2.prepareStatement(
"insert into users (status) values ('updated') where name=?");
sqlstatement.setString(1, data);
Boolean bResult = sqlstatement.execute();
if (bResult) {
IO.writeString("Name, " + data + ", updated successfully");
} else {
IO.writeString("Unable to update records for user: "******"Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
/* POTENTIAL FLAW: value of "name" taken directly from an untrusted source and inserted into a command string executed against a SQL interpreter */
Boolean bResult =
sqlstatement.execute(
"insert into users (status) values ('updated') where name='" + data + "'");
if (bResult) {
IO.writeString("Name, " + data + ", updated successfully");
} else {
IO.writeString("Unable to update records for user: "******"Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
}
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */
private void goodB2G2() throws Throwable {
String data;
/* INCIDENTAL: CWE 571 Statement is Always True */
if (private_five == 5) {
Logger log_bad = Logger.getLogger("local-logger");
data = ""; /* init data */
Socket sock = null;
BufferedReader buffread = null;
InputStreamReader instrread = null;
try {
/* Read data using an outbound tcp connection */
sock = new Socket("host.example.org", 39544);
/* read input from socket */
instrread = new InputStreamReader(sock.getInputStream());
buffread = new BufferedReader(instrread);
data = buffread.readLine();
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} finally {
/* clean up stream reading objects */
try {
if (buffread != null) {
buffread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
} finally {
try {
if (instrread != null) {
instrread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing instrread");
}
}
/* clean up socket objects */
try {
if (sock != null) {
sock.close();
}
} catch (IOException e) {
log_bad.warning("Error closing sock");
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
}
/* INCIDENTAL: CWE 571 Statement is Always True */
if (private_five == 5) {
String names[] = data.split("-");
int iSuccess = 0;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
PreparedStatement sqlstatement = null;
try {
/* FIX: use prepared sqlstatement */
conn_tmp2 = IO.getDBConnection();
sqlstatement =
conn_tmp2.prepareStatement("update users set hitcount=hitcount+1 where name=?");
for (int i = 0; i < names.length; ++i) {
sqlstatement.setString(1, names[i]);
sqlstatement.addBatch();
}
int dbResults[] = sqlstatement.executeBatch();
for (int i = 0; i < names.length; ++i) {
if (dbResults[i] > 0) {
iSuccess++;
}
}
IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
String names[] = data.split("-");
int iSuccess = 0;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
for (int i = 0; i < names.length; ++i) {
/* POTENTIAL FLAW: take user input and place into dynamic sql query */
sqlstatement.addBatch(
"update users set hitcount=hitcount+1 where name='" + names[i] + "'");
}
int dbResults[] = sqlstatement.executeBatch();
for (int i = 0; i < names.length; ++i) {
if (dbResults[i] > 0) {
iSuccess++;
}
}
IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
}
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
if (IO.static_returns_t_or_f()) {
Logger log_bad = Logger.getLogger("local-logger");
data = "";
/* parse the query string for value of 'id' */
String id_str = null;
StringTokenizer st = new StringTokenizer(request.getQueryString(), "&");
while (st.hasMoreTokens()) {
String token = st.nextToken();
int i = token.indexOf("=");
if ((i > 0) && (i < (token.length() - 1)) && (token.substring(0, i).equals("id"))) {
id_str = token.substring(i + 1);
break;
}
}
if (id_str != null) {
Connection conn = null;
PreparedStatement statement = null;
ResultSet rs = null;
try {
int id = Integer.parseInt(id_str);
conn = IO.getDBConnection();
statement = conn.prepareStatement("select * from pages where id=?");
/* FLAW: no check to see whether the user has privileges to view the data */
statement.setInt(1, id);
rs = statement.executeQuery();
data = rs.toString();
} catch (SQLException se) {
log_bad.warning("Error");
} finally {
/* clean up database objects */
try {
if (rs != null) {
rs.close();
}
} catch (SQLException se) {
log_bad.warning("Error closing rs");
} finally {
try {
if (statement != null) {
statement.close();
}
} catch (SQLException se) {
log_bad.warning("Error closing statement");
} finally {
try {
if (conn != null) {
conn.close();
}
} catch (SQLException se) {
log_bad.warning("Error closing conn");
}
}
}
}
}
} else {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
}
if (IO.static_returns_t_or_f()) {
String names[] = data.split("-");
int iSuccess = 0;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
for (int i = 0; i < names.length; ++i) {
/* POTENTIAL FLAW: take user input and place into dynamic sql query */
sqlstatement.addBatch(
"update users set hitcount=hitcount+1 where name='" + names[i] + "'");
}
int dbResults[] = sqlstatement.executeBatch();
for (int i = 0; i < names.length; ++i) {
if (dbResults[i] > 0) {
iSuccess++;
}
}
IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
} else {
String names[] = data.split("-");
int iSuccess = 0;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
PreparedStatement sqlstatement = null;
try {
/* FIX: use prepared sqlstatement */
conn_tmp2 = IO.getDBConnection();
sqlstatement =
conn_tmp2.prepareStatement("update users set hitcount=hitcount+1 where name=?");
for (int i = 0; i < names.length; ++i) {
sqlstatement.setString(1, names[i]);
sqlstatement.addBatch();
}
int dbResults[] = sqlstatement.executeBatch();
for (int i = 0; i < names.length; ++i) {
if (dbResults[i] > 0) {
iSuccess++;
}
}
IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries.");
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
}
