/**
 * goodG2B1() - good source, bad sink: selector of the first switch changed to {@code switch(5)}.
 *
 * <p>The first switch picks the data; because its selector is the constant 5, only the
 * {@code default} arm (non-sensitive text) can execute and the credential-bearing arm is dead
 * (CWE 561). The second switch always takes {@code case 7}, the sink that writes without checking
 * {@link HttpServletRequest#isSecure()} — the cleartext-transmission pattern (CWE-319) an analyzer
 * is expected to evaluate against the non-sensitive data that reaches it.
 *
 * @param request  incoming request; only consulted in the unreachable secure-sink arm
 * @param response response whose writer receives {@code data}
 * @throws Throwable declared for uniformity with the sibling test-case methods
 */
private void goodG2B1(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;

    /* Source selection: selector is the literal 5, so the default arm always runs. */
    switch (5) {
        default: {
            /* FIX: send non-sensitive information */
            data = "The weather is San Diego is 75 and sunny";
        }
        break;
        case 6: {
            /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
            /* POTENTIAL FLAW: sending login credentials information */
            data = "Your username is: user1\nYour password is: w8KNdsa9\n";
        }
        break;
    }

    /* Sink selection: selector is the literal 7, so case 7 (the unchecked sink) always runs. */
    switch (7) {
        default: {
            /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
            PrintWriter writer = null;
            try {
                /* FIX: ensure the connection is secure */
                if (request.isSecure()) {
                    writer = response.getWriter();
                    writer.println(data);
                }
            } catch (IOException ioe) {
                IO.writeLine("There was a problem writing");
            } finally {
                if (writer != null) {
                    writer.close();
                }
            }
        }
        break;
        case 7: {
            PrintWriter writer = null;
            try {
                writer = response.getWriter();
                /* POTENTIAL FLAW: transmitting login credentials across a possibly non-SSL connection */
                writer.println(data);
            } catch (IOException ioe) {
                IO.writeLine("There was a problem writing");
            } finally {
                if (writer != null) {
                    writer.close();
                }
            }
        }
        break;
    }
}
/**
 * goodB2G() sink - bad source, good sink.
 *
 * <p>Writes {@code data} to the response only when the request arrived over a secure transport
 * ({@link HttpServletRequest#isSecure()}); on a non-secure connection nothing is written, which is
 * the mitigation this test case demonstrates for cleartext transmission of whatever the caller
 * supplied as {@code data}.
 *
 * @param data     text to send; may carry sensitive content from a bad source
 * @param request  incoming request, used for the transport-security check
 * @param response response whose writer receives {@code data}
 * @throws Throwable declared for uniformity with the sibling test-case methods
 */
public void goodB2G_sink(String data, HttpServletRequest request, HttpServletResponse response) throws Throwable {
    /* FIX: ensure the connection is secure */
    if (!request.isSecure()) {
        return;
    }
    PrintWriter writer = null;
    try {
        writer = response.getWriter();
        writer.println(data);
    } catch (IOException ioe) {
        IO.writeLine("There was a problem writing");
    } finally {
        if (writer != null) {
            writer.close();
        }
    }
}
/**
 * goodG2B1() - good source, bad sink: first {@code IO.static_final_five==5} changed to
 * {@code IO.static_final_five!=5}.
 *
 * <p>With {@code IO.static_final_five} fixed at 5 the source branch always yields the
 * non-sensitive message and the account-detail branch is dead (CWE 561). The sink branch that
 * runs writes without checking {@link HttpServletRequest#isSecure()} — the cleartext-transmission
 * pattern (CWE-319) under test — while the secure-sink branch is likewise unreachable.
 *
 * @param request  incoming request; only consulted in the unreachable secure-sink branch
 * @param response response whose writer receives {@code data}
 * @throws Throwable declared for uniformity with the sibling test-case methods
 */
private void goodG2B1(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;

    /* Source: the constant is 5, so the non-sensitive branch is the one taken. */
    if (IO.static_final_five == 5) {
        /* FIX: send non-sensitive information */
        data = "The weather is San Diego is 75 and sunny";
    } else {
        /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
        /* POTENTIAL FLAW: sending sensitive information */
        data = "This is your bank account info: Account Number: 12345, Balance: $1,000,000";
    }

    /* Sink: the constant is 5, so the unchecked sink in the else branch is the one taken. */
    if (IO.static_final_five != 5) {
        /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
        PrintWriter writer = null;
        try {
            /* FIX: ensure the connection is secure */
            if (request.isSecure()) {
                writer = response.getWriter();
                writer.println(data);
            }
        } catch (IOException ioe) {
            IO.writeLine("There was a problem writing");
        } finally {
            if (writer != null) {
                writer.close();
            }
        }
    } else {
        PrintWriter writer = null;
        try {
            writer = response.getWriter();
            /* POTENTIAL FLAW: transmitting sensitive info across a possibly non-SSL connection */
            writer.println(data);
        } catch (IOException ioe) {
            IO.writeLine("There was a problem writing");
        } finally {
            if (writer != null) {
                writer.close();
            }
        }
    }
}