public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable { int data_copy; { int data; Logger log_bad = Logger.getLogger("local-logger"); /* init Data$ */ data = -1; /* read parameter from cookie */ Cookie cookieSources[] = request.getCookies(); if (cookieSources != null) { String s_data = cookieSources[0].getValue(); data = Integer.parseInt(s_data.trim()); } data_copy = data; } { int data = data_copy; /* POTENTIAL FLAW: Zero modulus will cause an issue. An integer division will result in an exception. */ IO.writeLine("100%" + String.valueOf(data) + " = " + (100 % data) + "\n"); } }
/* goodB2G() - use badsource and goodsink */ private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable { int data_copy; { int data; Logger log_bad = Logger.getLogger("local-logger"); /* init Data$ */ data = -1; /* read parameter from cookie */ Cookie cookieSources[] = request.getCookies(); if (cookieSources != null) { String s_data = cookieSources[0].getValue(); data = Integer.parseInt(s_data.trim()); } data_copy = data; } { int data = data_copy; /* FIX: test for a zero modulus */ if (data != 0) { IO.writeLine("100%" + String.valueOf(data) + " = " + (100 % data) + "\n"); } else { IO.writeLine("This would result in a modulo by zero"); } } }
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable { String data; Logger log_bad = Logger.getLogger("local-logger"); /* read parameter from cookie */ Cookie cookieSources[] = request.getCookies(); if (cookieSources != null) { data = cookieSources[0].getValue(); } else { data = null; } bad_sink(data, request, response); }
/* goodG2B2() - use goodsource and badsink by reversing statements in first if */ private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable { String data; if (IO.static_five == 5) { data = "5"; } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ Logger log_bad = Logger.getLogger("local-logger"); /* read parameter from cookie */ Cookie cookieSources[] = request.getCookies(); if (cookieSources != null) { data = cookieSources[0].getValue(); } else { data = null; } } if (IO.static_five == 5) { int loopNum; try { loopNum = Integer.parseInt(data); } catch (NumberFormatException nfe) { IO.writeLine("Invalid response. Numeric input expected. Assuming 1."); loopNum = 1; } for (int i = 0; i < loopNum; i++) { /* POTENTIAL FLAW: user supplied input used for loop counter test */ IO.writeLine("hello world"); } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ int loopNum; try { loopNum = Integer.parseInt(data); } catch (NumberFormatException nfe) { IO.writeLine("Invalid response. Numeric input expected. Assuming 1."); loopNum = 1; } /* FIX: loop number thresholds validated */ if (loopNum >= 0 && loopNum <= 5) { for (int i = 0; i < loopNum; i++) { IO.writeLine("hello world"); } } } }
/* goodG2B2() - use goodsource and badsink by reversing statements in first if */ private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable { int data; /* INCIDENTAL: CWE 571 Statement is Always True */ if (IO.static_final_t) { java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger"); /* FIX: Use a hardcoded number that won't cause underflow, overflow, divide by zero, or loss-of-precision issues */ data = 2; } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ Logger log_bad = Logger.getLogger("local-logger"); /* init Data$ */ data = -1; /* read parameter from cookie */ Cookie cookieSources[] = request.getCookies(); if (cookieSources != null) { String s_data = cookieSources[0].getValue(); data = Integer.parseInt(s_data.trim()); } } /* INCIDENTAL: CWE 571 Statement is Always True */ if (IO.static_final_t) { int valueToMult = (new SecureRandom()).nextInt(98) + 2; /* multiply by at least 2 */ if (data > 0) /* ensure we don't have an underflow */ { /* POTENTIAL FLAW: if (data*valueToMult) > MAX_VALUE, this will overflow */ int result = (data * valueToMult); IO.writeLine("result: " + result); } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ int valueToMult = (new SecureRandom()).nextInt(98) + 2; /* multiply by at least 2 */ if (data > 0) /* ensure we don't have an underflow */ { int result = 0; /* FIX: Add a check to prevent an overflow from occurring */ if (data <= (Integer.MAX_VALUE / valueToMult)) { result = (data * valueToMult); IO.writeLine("result: " + result); } else { IO.writeLine("Input value is too large to perform multiplication."); } } } }
public void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException { ArrayList<String> ar = new ArrayList<String>(); boolean flag = false; Cookie[] cArr = req.getCookies(); if (cArr != null) { for (int i = 0; i < cArr.length; i++) { Cookie c0 = cArr[i]; if (c0.getName().equals("Name") && !c0.getValue().equals("Logout")) { res.sendRedirect("index.html"); flag = true; } } } if (flag == false) res.sendRedirect("Login.html"); }
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable { int data; Logger log_bad = Logger.getLogger("local-logger"); /* init Data$ */ data = -1; /* read parameter from cookie */ Cookie cookieSources[] = request.getCookies(); if (cookieSources != null) { String s_data = cookieSources[0].getValue(); data = Integer.parseInt(s_data.trim()); } (new CWE369_Divide_By_Zero__getCookiesServlet_divide_54b()).bad_sink(data, request, response); }
/* goodB2G() - use badsource and goodsink */ private int goodB2G_source(HttpServletRequest request, HttpServletResponse response) throws Throwable { int data; Logger log_bad = Logger.getLogger("local-logger"); /* init Data$ */ data = -1; /* read parameter from cookie */ Cookie cookieSources[] = request.getCookies(); if (cookieSources != null) { String s_data = cookieSources[0].getValue(); data = Integer.parseInt(s_data.trim()); } return data; }
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */ private void goodB2G2(HttpServletRequest request, HttpServletResponse response) throws Throwable { int data; /* INCIDENTAL: CWE 571 Statement is Always True */ if (private_returns_t()) { Logger log_bad = Logger.getLogger("local-logger"); /* init Data$ */ data = -1; /* read parameter from cookie */ Cookie cookieSources[] = request.getCookies(); if (cookieSources != null) { String s_data = cookieSources[0].getValue(); data = Integer.parseInt(s_data.trim()); } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger"); /* FIX: Use a hardcoded number that won't cause underflow, overflow, divide by zero, or loss-of-precision issues */ data = 2; } /* INCIDENTAL: CWE 571 Statement is Always True */ if (private_returns_t()) { int result = 0; int valueToAdd = (new SecureRandom()).nextInt(99) + 1; /* adding at least 1 */ /* FIX: Add a check to prevent an overflow from occurring */ if (data <= (Integer.MAX_VALUE - valueToAdd)) { result = (data + valueToAdd); IO.writeLine("result: " + result); } else { IO.writeLine("Input value is too large to perform addition."); } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ int valueToAdd = (new SecureRandom()).nextInt(99) + 1; /* adding at least 1 */ /* POTENTIAL FLAW: if (data+valueToAdd) > MAX_VALUE, this will overflow */ int result = (data + valueToAdd); IO.writeLine("result: " + result); } }
private String bad_source(HttpServletRequest request, HttpServletResponse response) throws Throwable { String data; if (badPrivate) { data = ""; /* initialize data in case there are no cookies */ /* Read data from cookies */ { Cookie cookieSources[] = request.getCookies(); if (cookieSources != null) { /* POTENTIAL FLAW: Read data from the first cookie value */ data = cookieSources[0].getValue(); } } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } return data; }
/* goodG2B2() - use goodsource and badsink by reversing statements in first if */ private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable { int data; /* INCIDENTAL: CWE 571 Statement is Always True */ if (5 == 5) { java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger"); /* FIX: Use a hardcoded number that won't cause underflow, overflow, divide by zero, or loss-of-precision issues */ data = 2; } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ Logger log_bad = Logger.getLogger("local-logger"); /* init Data$ */ data = -1; /* read parameter from cookie */ Cookie cookieSources[] = request.getCookies(); if (cookieSources != null) { String s_data = cookieSources[0].getValue(); data = Integer.parseInt(s_data.trim()); } } /* INCIDENTAL: CWE 571 Statement is Always True */ if (5 == 5) { /* POTENTIAL FLAW: Zero denominator will cause an issue. An integer division will result in an exception. */ IO.writeLine("bad: 100/" + String.valueOf(data) + " = " + (100 / data) + "\n"); } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ /* FIX: test for a zero denominator */ if (data != 0) { IO.writeLine("100/" + String.valueOf(data) + " = " + (100 / data) + "\n"); } else { IO.writeLine("This would result in a divide by zero"); } } }
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */ private void goodB2G2(HttpServletRequest request, HttpServletResponse response) throws Throwable { String data; /* INCIDENTAL: CWE 571 Statement is Always True */ if (private_final_five == 5) { Logger log_bad = Logger.getLogger("local-logger"); /* read parameter from cookie */ Cookie cookieSources[] = request.getCookies(); if (cookieSources != null) { data = cookieSources[0].getValue(); } else { data = null; } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger"); /* FIX: Use a hardcoded string */ data = "foo"; } /* INCIDENTAL: CWE 571 Statement is Always True */ if (private_final_five == 5) { String names[] = data.split("-"); int iSuccess = 0; Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; PreparedStatement sqlstatement = null; try { /* FIX: use prepared sqlstatement */ conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.prepareStatement("update users set hitcount=hitcount+1 where name=?"); for (int i = 0; i < names.length; ++i) { sqlstatement.setString(1, names[i]); sqlstatement.addBatch(); } int dbResults[] = sqlstatement.executeBatch(); for (int i = 0; i < names.length; ++i) { if (dbResults[i] > 0) { iSuccess++; } } IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries."); } catch (SQLException se) { log2.warning("Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ String names[] = data.split("-"); int iSuccess = 0; Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; Statement sqlstatement = null; try { conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.createStatement(); for (int i = 0; i < names.length; ++i) { /* POTENTIAL FLAW: take user input and place into dynamic sql query */ sqlstatement.addBatch( "update users set hitcount=hitcount+1 where name='" + names[i] + "'"); } int dbResults[] = sqlstatement.executeBatch(); for (int i = 0; i < names.length; ++i) { if (dbResults[i] > 0) { iSuccess++; } } IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries."); } catch (SQLException se) { log2.warning("Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } }