Exemple #1
0
 public Object getData(final WModelIndex index, int role) {
   if (role != ItemDataRole.DisplayRole) {
     return super.getData(index, role);
   }
   double delta_y = (this.yEnd_ - this.yStart_) / (this.getColumnCount() - 2);
   if (index.getRow() == 0) {
     if (index.getColumn() == 0) {
       return 0.0;
     }
     return this.yStart_ + (index.getColumn() - 1) * delta_y;
   }
   double delta_x = (this.xEnd_ - this.xStart_) / (this.getRowCount() - 2);
   if (index.getColumn() == 0) {
     if (index.getRow() == 0) {
       return 0.0;
     }
     return this.xStart_ + (index.getRow() - 1) * delta_x;
   }
   double x;
   double y;
   y = this.yStart_ + (index.getColumn() - 1) * delta_y;
   x = this.xStart_ + (index.getRow() - 1) * delta_x;
   return 4
       * Math.sin(Math.sqrt(Math.pow(x, 2) + Math.pow(y, 2)))
       / Math.sqrt(Math.pow(x, 2) + Math.pow(y, 2));
 }
  /* goodB2G1() - use badsource and goodsink by changing second PRIVATE_STATIC_FINAL_FIVE==5 to PRIVATE_STATIC_FINAL_FIVE!=5 */
  private void goodB2G1() throws Throwable {
    short data;
    if (PRIVATE_STATIC_FINAL_FIVE == 5) {
      /* POTENTIAL FLAW: Use a random value */
      data =
          (short)
              ((new java.security.SecureRandom()).nextInt(1 + Short.MAX_VALUE - Short.MIN_VALUE)
                  + Short.MIN_VALUE);
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run
       * but ensure data is inititialized before the Sink to avoid compiler errors */
      data = 0;
    }

    if (PRIVATE_STATIC_FINAL_FIVE != 5) {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      IO.writeLine("Benign, fixed string");
    } else {

      /* FIX: Add a check to prevent an overflow from occurring */
      /* NOTE: Math.abs of the minimum int or long will return that same value, so we must check for it */
      if ((data != Integer.MIN_VALUE)
          && (data != Long.MIN_VALUE)
          && (Math.abs(data) <= (long) Math.sqrt(Short.MAX_VALUE))) {
        short result = (short) (data * data);
        IO.writeLine("result: " + result);
      } else {
        IO.writeLine("data value is too large to perform squaring.");
      }
    }
  }
  /* goodB2G() - use badsource and goodsink */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data;

    data = Integer.MIN_VALUE; /* Initialize data */

    /* POTENTIAL FLAW: Read data from a querystring using getParameter() */
    {
      String stringNumber = request.getParameter("name");

      try {
        data = Integer.parseInt(stringNumber.trim());
      } catch (NumberFormatException exceptNumberFormat) {
        IO.logger.log(
            Level.WARNING,
            "Number format exception reading data from parameter 'name'",
            exceptNumberFormat);
      }
    }

    /* FIX: Add a check to prevent an overflow from occurring */
    /* NOTE: Math.abs of the minimum int or long will return that same value, so we must check for it */
    if ((data != Integer.MIN_VALUE)
        && (data != Long.MIN_VALUE)
        && (Math.abs(data) <= (long) Math.sqrt(Integer.MAX_VALUE))) {
      int result = (int) (data * data);
      IO.writeLine("result: " + result);
    } else {
      IO.writeLine("data value is too large to perform squaring.");
    }
  }
  /* goodB2G1() - use badsource and goodsink by changing second privateReturnsTrue() to privateReturnsFalse() */
  private void goodB2G1() throws Throwable {
    long data;
    if (privateReturnsTrue()) {
      /* POTENTIAL FLAW: Use the maximum size of the data type */
      data = Long.MAX_VALUE;
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run
       * but ensure data is inititialized before the Sink to avoid compiler errors */
      data = 0L;
    }

    if (privateReturnsFalse()) {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      IO.writeLine("Benign, fixed string");
    } else {

      /* FIX: Add a check to prevent an overflow from occurring */
      /* NOTE: Math.abs of the minimum int or long will return that same value, so we must check for it */
      if ((data != Integer.MIN_VALUE)
          && (data != Long.MIN_VALUE)
          && (Math.abs(data) <= (long) Math.sqrt(Long.MAX_VALUE))) {
        long result = (long) (data * data);
        IO.writeLine("result: " + result);
      } else {
        IO.writeLine("data value is too large to perform squaring.");
      }
    }
  }
  /* goodB2G1() - use badsource and goodsink by changing second IO.staticReturnsTrue() to IO.staticReturnsFalse() */
  private void goodB2G1() throws Throwable {
    int data;
    if (IO.staticReturnsTrue()) {
      data = Integer.MIN_VALUE; /* Initialize data */
      /* retrieve the property */
      {
        Properties properties = new Properties();
        FileInputStream streamFileInput = null;
        try {
          streamFileInput = new FileInputStream("../common/config.properties");
          properties.load(streamFileInput);
          /* POTENTIAL FLAW: Read data from a .properties file */
          String stringNumber = properties.getProperty("data");
          if (stringNumber != null) // avoid NPD incidental warnings
          {
            try {
              data = Integer.parseInt(stringNumber.trim());
            } catch (NumberFormatException exceptNumberFormat) {
              IO.logger.log(
                  Level.WARNING,
                  "Number format exception parsing data from string",
                  exceptNumberFormat);
            }
          }
        } catch (IOException exceptIO) {
          IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO);
        } finally {
          /* Close stream reading object */
          try {
            if (streamFileInput != null) {
              streamFileInput.close();
            }
          } catch (IOException exceptIO) {
            IO.logger.log(Level.WARNING, "Error closing FileInputStream", exceptIO);
          }
        }
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run
       * but ensure data is inititialized before the Sink to avoid compiler errors */
      data = 0;
    }

    if (IO.staticReturnsFalse()) {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      IO.writeLine("Benign, fixed string");
    } else {

      /* FIX: Add a check to prevent an overflow from occurring */
      /* NOTE: Math.abs of the minimum int or long will return that same value, so we must check for it */
      if ((data != Integer.MIN_VALUE)
          && (data != Long.MIN_VALUE)
          && (Math.abs(data) <= (long) Math.sqrt(Integer.MAX_VALUE))) {
        int result = (int) (data * data);
        IO.writeLine("result: " + result);
      } else {
        IO.writeLine("data value is too large to perform squaring.");
      }
    }
  }
  private void goodB2GSink(byte data) throws Throwable {

    /* FIX: Add a check to prevent an overflow from occurring */
    /* NOTE: Math.abs of the minimum int or long will return that same value, so we must check for it */
    if ((data != Integer.MIN_VALUE)
        && (data != Long.MIN_VALUE)
        && (Math.abs(data) <= (long) Math.sqrt(Byte.MAX_VALUE))) {
      byte result = (byte) (data * data);
      IO.writeLine("result: " + result);
    } else {
      IO.writeLine("data value is too large to perform squaring.");
    }
  }
  /* goodB2G() - use badsource and goodsink */
  private void goodB2G() throws Throwable {
    int data = (new CWE190_Integer_Overflow__int_Environment_square_61b()).goodB2GSource();

    /* FIX: Add a check to prevent an overflow from occurring */
    /* NOTE: Math.abs of the minimum int or long will return that same value, so we must check for it */
    if ((data != Integer.MIN_VALUE)
        && (data != Long.MIN_VALUE)
        && (Math.abs(data) <= (long) Math.sqrt(Integer.MAX_VALUE))) {
      int result = (int) (data * data);
      IO.writeLine("result: " + result);
    } else {
      IO.writeLine("data value is too large to perform squaring.");
    }
  }
  /* goodB2G() - use BadSource and GoodSink */
  public void goodB2GSink(HashMap<Integer, Long> dataHashMap) throws Throwable {
    long data = dataHashMap.get(2);

    /* FIX: Add a check to prevent an overflow from occurring */
    /* NOTE: Math.abs of the minimum int or long will return that same value, so we must check for it */
    if ((data != Integer.MIN_VALUE)
        && (data != Long.MIN_VALUE)
        && (Math.abs(data) <= (long) Math.sqrt(Long.MAX_VALUE))) {
      long result = (long) (data * data);
      IO.writeLine("result: " + result);
    } else {
      IO.writeLine("data value is too large to perform squaring.");
    }
  }
  /* goodB2G() - use badsource and goodsink */
  public void goodB2GSink(int data, HttpServletRequest request, HttpServletResponse response)
      throws Throwable {

    /* FIX: Add a check to prevent an overflow from occurring */
    /* NOTE: Math.abs of the minimum int or long will return that same value, so we must check for it */
    if ((data != Integer.MIN_VALUE)
        && (data != Long.MIN_VALUE)
        && (Math.abs(data) <= (long) Math.sqrt(Integer.MAX_VALUE))) {
      int result = (int) (data * data);
      IO.writeLine("result: " + result);
    } else {
      IO.writeLine("data value is too large to perform squaring.");
    }
  }
  /* goodB2G() - use BadSource and GoodSink */
  public void goodB2GSink(byte[] dataSerialized) throws Throwable {
    /* unserialize data */
    ByteArrayInputStream streamByteArrayInput = null;
    ObjectInputStream streamObjectInput = null;

    try {
      streamByteArrayInput = new ByteArrayInputStream(dataSerialized);
      streamObjectInput = new ObjectInputStream(streamByteArrayInput);
      int data = (Integer) streamObjectInput.readObject();

      /* FIX: Add a check to prevent an overflow from occurring */
      /* NOTE: Math.abs of the minimum int or long will return that same value, so we must check for it */
      if ((data != Integer.MIN_VALUE)
          && (data != Long.MIN_VALUE)
          && (Math.abs(data) <= (long) Math.sqrt(Integer.MAX_VALUE))) {
        int result = (int) (data * data);
        IO.writeLine("result: " + result);
      } else {
        IO.writeLine("data value is too large to perform squaring.");
      }

    } catch (IOException exceptIO) {
      IO.logger.log(Level.WARNING, "IOException in deserialization", exceptIO);
    } catch (ClassNotFoundException exceptClassNotFound) {
      IO.logger.log(
          Level.WARNING, "ClassNotFoundException in deserialization", exceptClassNotFound);
    } finally {
      /* clean up stream reading objects */
      try {
        if (streamObjectInput != null) {
          streamObjectInput.close();
        }
      } catch (IOException exceptIO) {
        IO.logger.log(Level.WARNING, "Error closing ObjectInputStream", exceptIO);
      }

      try {
        if (streamByteArrayInput != null) {
          streamByteArrayInput.close();
        }
      } catch (IOException exceptIO) {
        IO.logger.log(Level.WARNING, "Error closing ByteArrayInputStream", exceptIO);
      }
    }
  }
  /* goodB2G2() - use badsource and goodsink by reversing statements in second if  */
  private void goodB2G2() throws Throwable {
    int data;
    if (PRIVATE_STATIC_FINAL_FIVE == 5) {
      data = Integer.MIN_VALUE; /* Initialize data */
      {
        File file = new File("C:\\data.txt");
        FileInputStream streamFileInput = null;
        InputStreamReader readerInputStream = null;
        BufferedReader readerBuffered = null;
        try {
          /* read string from file into data */
          streamFileInput = new FileInputStream(file);
          readerInputStream = new InputStreamReader(streamFileInput, "UTF-8");
          readerBuffered = new BufferedReader(readerInputStream);
          /* POTENTIAL FLAW: Read data from a file */
          /* This will be reading the first "line" of the file, which
           * could be very long if there are little or no newlines in the file */
          String stringNumber = readerBuffered.readLine();
          if (stringNumber != null) /* avoid NPD incidental warnings */ {
            try {
              data = Integer.parseInt(stringNumber.trim());
            } catch (NumberFormatException exceptNumberFormat) {
              IO.logger.log(
                  Level.WARNING,
                  "Number format exception parsing data from string",
                  exceptNumberFormat);
            }
          }
        } catch (IOException exceptIO) {
          IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO);
        } finally {
          /* Close stream reading objects */
          try {
            if (readerBuffered != null) {
              readerBuffered.close();
            }
          } catch (IOException exceptIO) {
            IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO);
          }

          try {
            if (readerInputStream != null) {
              readerInputStream.close();
            }
          } catch (IOException exceptIO) {
            IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO);
          }

          try {
            if (streamFileInput != null) {
              streamFileInput.close();
            }
          } catch (IOException exceptIO) {
            IO.logger.log(Level.WARNING, "Error closing FileInputStream", exceptIO);
          }
        }
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run
       * but ensure data is inititialized before the Sink to avoid compiler errors */
      data = 0;
    }

    if (PRIVATE_STATIC_FINAL_FIVE == 5) {
      /* FIX: Add a check to prevent an overflow from occurring */
      /* NOTE: Math.abs of the minimum int or long will return that same value, so we must check for it */
      if ((data != Integer.MIN_VALUE)
          && (data != Long.MIN_VALUE)
          && (Math.abs(data) <= (long) Math.sqrt(Integer.MAX_VALUE))) {
        int result = (int) (data * data);
        IO.writeLine("result: " + result);
      } else {
        IO.writeLine("data value is too large to perform squaring.");
      }
    }
  }
  /* goodB2G2() - use badsource and goodsink by reversing statements in second if  */
  private void goodB2G2() throws Throwable {
    int data;
    if (IO.staticTrue) {
      data = Integer.MIN_VALUE; /* Initialize data */
      /* Read data from a database */
      {
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        try {
          /* setup the connection */
          connection = IO.getDBConnection();
          /* prepare and execute a (hardcoded) query */
          preparedStatement = connection.prepareStatement("select name from users where id=0");
          resultSet = preparedStatement.executeQuery();
          /* POTENTIAL FLAW: Read data from a database query resultset */
          String stringNumber = resultSet.getString(1);
          if (stringNumber != null) /* avoid NPD incidental warnings */ {
            try {
              data = Integer.parseInt(stringNumber.trim());
            } catch (NumberFormatException exceptNumberFormat) {
              IO.logger.log(
                  Level.WARNING,
                  "Number format exception parsing data from string",
                  exceptNumberFormat);
            }
          }
        } catch (SQLException exceptSql) {
          IO.logger.log(Level.WARNING, "Error with SQL statement", exceptSql);
        } finally {
          /* Close database objects */
          try {
            if (resultSet != null) {
              resultSet.close();
            }
          } catch (SQLException exceptSql) {
            IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql);
          }

          try {
            if (preparedStatement != null) {
              preparedStatement.close();
            }
          } catch (SQLException exceptSql) {
            IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql);
          }

          try {
            if (connection != null) {
              connection.close();
            }
          } catch (SQLException exceptSql) {
            IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
          }
        }
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run
       * but ensure data is inititialized before the Sink to avoid compiler errors */
      data = 0;
    }

    if (IO.staticTrue) {
      /* FIX: Add a check to prevent an overflow from occurring */
      /* NOTE: Math.abs of the minimum int or long will return that same value, so we must check for it */
      if ((data != Integer.MIN_VALUE)
          && (data != Long.MIN_VALUE)
          && (Math.abs(data) <= (long) Math.sqrt(Integer.MAX_VALUE))) {
        int result = (int) (data * data);
        IO.writeLine("result: " + result);
      } else {
        IO.writeLine("data value is too large to perform squaring.");
      }
    }
  }