/* goodG2B() - use goodsource and badsink */ private void goodG2B() throws Throwable { int data; /* FIX: Use a hardcoded number that won't cause underflow, overflow, divide by zero, or loss-of-precision issues */ data = 2; Container dataContainer = new Container(); dataContainer.containerOne = data; (new CWE789_Uncontrolled_Mem_Alloc__random_HashSet_67b()).goodG2BSink(dataContainer); }
/* goodB2G() - use badsource and goodsink */ private void goodB2G() throws Throwable { int data; /* POTENTIAL FLAW: Set data to a random value */ data = (new SecureRandom()).nextInt(); Container dataContainer = new Container(); dataContainer.containerOne = data; (new CWE190_Integer_Overflow__int_random_square_67b()).goodB2GSink(dataContainer); }
public void bad() throws Throwable { int data; /* POTENTIAL FLAW: Set data to a random value */ data = (new SecureRandom()).nextInt(); Container dataContainer = new Container(); dataContainer.containerOne = data; (new CWE789_Uncontrolled_Mem_Alloc__random_HashSet_67b()).badSink(dataContainer); }
/* goodB2G() - use badsource and goodsink */ private void goodB2G() throws Throwable { String data; /* POTENTIAL FLAW: data may be set to null */ data = System.getProperty("CWE690"); Container dataContainer = new Container(); dataContainer.containerOne = data; (new CWE690_NULL_Deref_From_Return__System_getProperty_trim_67b()).goodB2GSink(dataContainer); }
/* goodG2B() - use goodsource and badsink */ private void goodG2B() throws Throwable { int data; /* FIX: Use a hardcoded number that won't cause underflow, overflow, divide by zero, or loss-of-precision issues */ data = 2; Container dataContainer = new Container(); dataContainer.containerOne = data; (new CWE190_Integer_Overflow__int_random_square_67b()).goodG2BSink(dataContainer); }
/* goodB2G() - use badsource and goodsink */ private void goodB2G() throws Throwable { int data; /* POTENTIAL FLAW: Use the maximum value for this type */ data = Integer.MAX_VALUE; Container dataContainer = new Container(); dataContainer.containerOne = data; (new CWE190_Integer_Overflow__int_max_add_67b()).goodB2GSink(dataContainer); }
/* goodG2B() - use goodsource and badsink */ private void goodG2B() throws Throwable { String data; /* FIX: Set data to a fixed, non-null String */ data = "CWE690"; Container dataContainer = new Container(); dataContainer.containerOne = data; (new CWE690_NULL_Deref_From_Return__System_getProperty_trim_67b()).goodG2BSink(dataContainer); }
/* goodG2B() - use goodsource and badsink */ private void goodG2B() throws Throwable { int data; /* FIX: Use a hardcoded number that won't cause underflow, overflow, divide by zero, or loss-of-precision issues */ data = 2; Container dataContainer = new Container(); dataContainer.containerOne = data; (new CWE129_Improper_Validation_of_Array_Index__File_array_read_no_check_67b()) .goodG2BSink(dataContainer); }
/* goodG2B() - use goodsource and badsink */ private void goodG2B() throws Throwable { String data; /* FIX: Use a hardcoded string */ data = "foo"; Container dataContainer = new Container(); dataContainer.containerOne = data; (new CWE15_External_Control_of_System_or_Configuration_Setting__console_readLine_67b()) .goodG2BSink(dataContainer); }
/* goodB2G() - use badsource and goodsink */ private void goodB2G() throws Throwable { byte data; /* POTENTIAL FLAW: Use a random value */ data = (byte) ((new java.security.SecureRandom()).nextInt(1 + Byte.MAX_VALUE - Byte.MIN_VALUE) + Byte.MIN_VALUE); Container dataContainer = new Container(); dataContainer.containerOne = data; (new CWE190_Integer_Overflow__byte_rand_add_67b()).goodB2GSink(dataContainer); }
public void bad() throws Throwable { String data; data = ""; /* Initialize data */ { InputStreamReader readerInputStream = null; BufferedReader readerBuffered = null; /* read user input from console with readLine */ try { readerInputStream = new InputStreamReader(System.in, "UTF-8"); readerBuffered = new BufferedReader(readerInputStream); /* POTENTIAL FLAW: Read data from the console using readLine */ data = readerBuffered.readLine(); } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO); } finally { try { if (readerBuffered != null) { readerBuffered.close(); } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO); } try { if (readerInputStream != null) { readerInputStream.close(); } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO); } } } /* NOTE: Tools may report a flaw here because buffread and isr are not closed. Unfortunately, closing those will close System.in, which will cause any future attempts to read from the console to fail and throw an exception */ Container dataContainer = new Container(); dataContainer.containerOne = data; (new CWE15_External_Control_of_System_or_Configuration_Setting__console_readLine_67b()) .badSink(dataContainer); }
/* goodB2G() - use badsource and goodsink */ private void goodB2G() throws Throwable { short data; /* init data */ data = -1; /* POTENTIAL FLAW: Read data from console with readLine*/ BufferedReader readerBuffered = null; InputStreamReader readerInputStream = null; try { readerInputStream = new InputStreamReader(System.in, "UTF-8"); readerBuffered = new BufferedReader(readerInputStream); String stringNumber = readerBuffered.readLine(); if (stringNumber != null) { data = Short.parseShort(stringNumber.trim()); } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO); } catch (NumberFormatException exceptNumberFormat) { IO.logger.log(Level.WARNING, "Error with number parsing", exceptNumberFormat); } finally { /* clean up stream reading objects */ try { if (readerBuffered != null) { readerBuffered.close(); } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO); } finally { try { if (readerInputStream != null) { readerInputStream.close(); } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO); } } } Container dataContainer = new Container(); dataContainer.containerOne = data; (new CWE190_Integer_Overflow__short_console_readLine_square_67b()).goodB2GSink(dataContainer); }
public void bad() throws Throwable { int data; data = Integer.MIN_VALUE; /* Initialize data */ { File file = new File("C:\\data.txt"); FileInputStream streamFileInput = null; InputStreamReader readerInputStream = null; BufferedReader readerBuffered = null; try { /* read string from file into data */ streamFileInput = new FileInputStream(file); readerInputStream = new InputStreamReader(streamFileInput, "UTF-8"); readerBuffered = new BufferedReader(readerInputStream); /* POTENTIAL FLAW: Read data from a file */ /* This will be reading the first "line" of the file, which * could be very long if there are little or no newlines in the file */ String stringNumber = readerBuffered.readLine(); if (stringNumber != null) /* avoid NPD incidental warnings */ { try { data = Integer.parseInt(stringNumber.trim()); } catch (NumberFormatException exceptNumberFormat) { IO.logger.log( Level.WARNING, "Number format exception parsing data from string", exceptNumberFormat); } } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO); } finally { /* Close stream reading objects */ try { if (readerBuffered != null) { readerBuffered.close(); } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO); } try { if (readerInputStream != null) { readerInputStream.close(); } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO); } try { if (streamFileInput != null) { streamFileInput.close(); } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error closing FileInputStream", exceptIO); } } } Container dataContainer = new Container(); dataContainer.containerOne = data; (new CWE129_Improper_Validation_of_Array_Index__File_array_read_no_check_67b()) .badSink(dataContainer); }
public void bad() throws Throwable { int data; data = Integer.MIN_VALUE; /* Initialize data */ /* Read data from a database */ { Connection connection = null; PreparedStatement preparedStatement = null; ResultSet resultSet = null; try { /* setup the connection */ connection = IO.getDBConnection(); /* prepare and execute a (hardcoded) query */ preparedStatement = connection.prepareStatement("select name from users where id=0"); resultSet = preparedStatement.executeQuery(); /* POTENTIAL FLAW: Read data from a database query resultset */ String stringNumber = resultSet.getString(1); if (stringNumber != null) /* avoid NPD incidental warnings */ { try { data = Integer.parseInt(stringNumber.trim()); } catch (NumberFormatException exceptNumberFormat) { IO.logger.log( Level.WARNING, "Number format exception parsing data from string", exceptNumberFormat); } } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error with SQL statement", exceptSql); } finally { /* Close database objects */ try { if (resultSet != null) { resultSet.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql); } try { if (preparedStatement != null) { preparedStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql); } try { if (connection != null) { connection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } Container dataContainer = new Container(); dataContainer.containerOne = data; (new CWE191_Integer_Underflow__int_database_multiply_67b()).badSink(dataContainer); }