public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
/* We need to have one source outside of a for loop in order
to prevent the Java compiler from generating an error because
data is uninitialized */
/* POTENTIAL FLAW: data may be set to null */
data = request.getParameter("CWE690");
for (int for_index_i = 0; for_index_i < 0; for_index_i++) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
/* FIX: Set data to a fixed, non-null String */
data = "CWE690";
}
for (int for_index_j = 0; for_index_j < 1; for_index_j++) {
/* POTENTIAL FLAW: data could be null */
String sOut = data.trim();
IO.writeLine(sOut);
}
for (int for_index_k = 0; for_index_k < 0; for_index_k++) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
/* FIX: explicit check for null */
if (data != null) {
String sOut = data.trim();
IO.writeLine(sOut);
}
}
}
/* goodG2B() - use goodsource and badsink by changing the "if" so that
* both branches use the GoodSource */
private void goodG2B() throws Throwable {
String data;
if (IO.staticReturnsTrueOrFalse()) {
/* FIX: Use a hardcoded string */
data = "foo";
} else {
/* FIX: Use a hardcoded string */
data = "foo";
}
Connection dbConnection = null;
try {
dbConnection = IO.getDBConnection();
/* POTENTIAL FLAW: Set the catalog name with the value of data
* allowing a nonexistent catalog name or unauthorized access to a portion of the DB */
dbConnection.setCatalog(data);
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
} finally {
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
/* goodG2B() - use goodsource and badsink by changing the first "if" so that
both branches use the GoodSource */
private void goodG2B() throws Throwable {
int data;
if (IO.static_returns_t_or_f()) {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded number that won't cause underflow, overflow,
divide by zero, or loss-of-precision issues */
data = 2;
} else {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded number that won't cause underflow, overflow,
divide by zero, or loss-of-precision issues */
data = 2;
}
if (IO.static_returns_t_or_f()) {
int valueToMult = (new SecureRandom()).nextInt(98) + 2; /* multiply by at least 2 */
if (data < 0) /* ensure we don't have an overflow */ {
/* POTENTIAL FLAW: if (data*valueToMult) < MIN_VALUE, this will overflow */
int result = (data * valueToMult);
IO.writeLine("result: " + result);
}
} else {
int valueToMult = (new SecureRandom()).nextInt(98) + 2; /* multiply by at least 2 */
if (data < 0) /* ensure we don't have an overflow */ {
/* POTENTIAL FLAW: if (data*valueToMult) < MIN_VALUE, this will overflow */
int result = (data * valueToMult);
IO.writeLine("result: " + result);
}
}
}
/* goodG2B1() - use goodsource and badsink by changing first IO.static_five==5 to IO.static_five!=5 */
private void goodG2B1() throws Throwable {
int data;
if (IO.static_five != 5) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
/* POTENTIAL FLAW: Use the maximum value for this type */
data = Integer.MAX_VALUE;
} else {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded number that won't cause underflow, overflow,
divide by zero, or loss-of-precision issues */
data = 2;
}
if (IO.static_five == 5) {
int valueToAdd = (new SecureRandom()).nextInt(99) + 1; /* adding at least 1 */
/* POTENTIAL FLAW: if (data+valueToAdd) > MAX_VALUE, this will overflow */
int result = (data + valueToAdd);
IO.writeLine("result: " + result);
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
int result = 0;
int valueToAdd = (new SecureRandom()).nextInt(99) + 1; /* adding at least 1 */
/* FIX: Add a check to prevent an overflow from occurring */
if (data <= (Integer.MAX_VALUE - valueToAdd)) {
result = (data + valueToAdd);
IO.writeLine("result: " + result);
} else {
IO.writeLine("Input value is too large to perform addition.");
}
}
}
/* goodG2B1() - use goodsource and badsink by changing first private_final_t to private_final_f */
private void goodG2B1() throws Throwable {
int data;
/* INCIDENTAL: CWE 570 Statement is Always False */
if (private_final_f) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log_bad = Logger.getLogger("local-logger");
SecureRandom r = new SecureRandom();
data = r.nextInt();
} else {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded number that won't cause underflow, overflow,
divide by zero, or loss-of-precision issues */
data = 2;
}
/* INCIDENTAL: CWE 571 Statement is Always True */
if (private_final_t) {
/* POTENTIAL FLAW: Zero denominator will cause an issue. An integer division will
result in an exception. */
IO.writeLine("bad: 100/" + String.valueOf(data) + " = " + (100 / data) + "\n");
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
/* FIX: test for a zero denominator */
if (data != 0) {
IO.writeLine("100/" + String.valueOf(data) + " = " + (100 / data) + "\n");
} else {
IO.writeLine("This would result in a divide by zero");
}
}
}
/* goodG2B2() - use goodsource and badsink by reversing statements in first if */
private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
if (IO.static_final_five == 5) {
/* FIX: Set data to a fixed, non-null String */
data = "CWE690";
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
/* POTENTIAL FLAW: data may be set to null */
data = request.getParameter("CWE690");
}
if (IO.static_final_five == 5) {
/* POTENTIAL FLAW: data could be null */
if (data.equals("CWE690")) {
IO.writeLine("data is CWE690");
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
/* FIX: call equals() on string literal (that is not null) */
if ("CWE690".equals(data)) {
IO.writeLine("data is CWE690");
}
}
}
/* goodG2B1() - use goodsource and badsink by changing first private_final_five==5 to private_final_five!=5 */
private void goodG2B1(HttpServletRequest request, HttpServletResponse response) throws Throwable {
int data;
/* INCIDENTAL: CWE 570 Statement is Always False */
if (private_final_five != 5) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log_bad = Logger.getLogger("local-logger");
/* init Data$ */
data = -1;
/* read parameter from request */
String s_data = request.getParameter("name");
data = Integer.parseInt(s_data.trim());
} else {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded number that won't cause underflow, overflow,
divide by zero, or loss-of-precision issues */
data = 2;
}
/* INCIDENTAL: CWE 571 Statement is Always True */
if (private_final_five == 5) {
/* POTENTIAL FLAW: Zero denominator will cause an issue. An integer division will
result in an exception. */
IO.writeLine("bad: 100/" + String.valueOf(data) + " = " + (100 / data) + "\n");
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
/* FIX: test for a zero denominator */
if (data != 0) {
IO.writeLine("100/" + String.valueOf(data) + " = " + (100 / data) + "\n");
} else {
IO.writeLine("This would result in a divide by zero");
}
}
}
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */
private void goodB2G2() throws Throwable {
String data;
/* INCIDENTAL: CWE 571 Statement is Always True */
if (IO.static_t) {
Logger log_bad = Logger.getLogger("local-logger");
data = ""; /* init data */
File f = new File("C:\\data.txt");
BufferedReader buffread = null;
FileReader fread = null;
try {
/* read string from file into data */
fread = new FileReader(f);
buffread = new BufferedReader(fread);
data = buffread.readLine(); // This will be reading the first "line" of the file, which
// could be very long if there are little or no newlines in the file\
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} catch (NumberFormatException nfe) {
log_bad.warning("Error with number parsing");
} finally {
/* clean up stream reading objects */
try {
if (buffread != null) {
buffread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
} finally {
try {
if (fread != null) {
fread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing fread");
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
data = "Testing.test";
}
/* INCIDENTAL: CWE 571 Statement is Always True */
if (IO.static_t) {
if (!data.equals("Testing.test")
&& /* FIX: classname must be one of 2 values */ !data.equals("Test.test")) {
return;
}
Class<?> c = Class.forName(data);
Object instance = c.newInstance();
IO.writeLine(instance.toString());
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Class<?> c = Class.forName(data); /* FLAW: loading arbitrary class */
Object instance = c.newInstance();
IO.writeLine(instance.toString());
}
}
/* goodG2B() - use goodsource and badsink by changing the conditions on the first and second while statements */
private void goodG2B() throws Throwable {
String data;
boolean local_f = false;
while (true) {
/* FIX: call getStringG(), which will never return null */
data = CWE690_NULL_Deref_from_Return__Class__Helper.getStringGood();
break;
}
while (local_f) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
/* POTENTIAL FLAW: Call getStringG(), which may return null */
data = CWE690_NULL_Deref_from_Return__Class__Helper.getStringBad();
break;
}
while (true) {
/* POTENTIAL FLAW: data could be null */
String sOut = data.trim();
IO.writeLine(sOut);
break;
}
while (local_f) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
/* FIX: explicit check for null */
if (data != null) {
String sOut = data.trim();
IO.writeLine(sOut);
}
break;
}
}
/* goodB2G() - use badsource and goodsink */
private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
int data_copy;
{
int data;
Logger log_bad = Logger.getLogger("local-logger");
/* init Data$ */
data = -1;
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
String s_data = cookieSources[0].getValue();
data = Integer.parseInt(s_data.trim());
}
data_copy = data;
}
{
int data = data_copy;
/* FIX: test for a zero modulus */
if (data != 0) {
IO.writeLine("100%" + String.valueOf(data) + " = " + (100 % data) + "\n");
} else {
IO.writeLine("This would result in a modulo by zero");
}
}
}
/* goodG2B() - use goodsource and badsink by changing the first "if" so that
both branches use the GoodSource */
private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable {
int data;
if (IO.static_returns_t_or_f()) {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded number that won't cause underflow, overflow,
divide by zero, or loss-of-precision issues */
data = 2;
} else {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded number that won't cause underflow, overflow,
divide by zero, or loss-of-precision issues */
data = 2;
}
if (IO.static_returns_t_or_f()) {
int valueToSub = (new SecureRandom()).nextInt(99) + 1; /* subtracting at least 1 */
/* POTENTIAL FLAW: if (data-valueToSub) < MIN_VALUE this will underflow */
int result = (data - valueToSub);
IO.writeLine("result: " + result);
} else {
int valueToSub = (new SecureRandom()).nextInt(99) + 1; /* subtracting at least 1 */
/* POTENTIAL FLAW: if (data-valueToSub) < MIN_VALUE this will underflow */
int result = (data - valueToSub);
IO.writeLine("result: " + result);
}
}
/* goodG2B() - use goodsource and badsink */
public void goodG2BSink(String data) throws Throwable {
Connection dbConnection = null;
Statement sqlStatement = null;
try {
dbConnection = IO.getDBConnection();
sqlStatement = dbConnection.createStatement();
/* POTENTIAL FLAW: data concatenated into SQL statement used in executeUpdate(), which could result in SQL Injection */
int rowCount =
sqlStatement.executeUpdate(
"insert into users (status) values ('updated') where name='" + data + "'");
IO.writeLine("Updated " + rowCount + " rows successfully.");
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
} finally {
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
/* goodB2G1() - use badsource and goodsink by changing second IO.STATIC_FINAL_FIVE==5 to IO.STATIC_FINAL_FIVE!=5 */
private void goodB2G1() throws Throwable {
String data;
if (IO.STATIC_FINAL_FIVE == 5) {
/* get environment variable ADD */
/* POTENTIAL FLAW: Read data from an environment variable */
data = System.getenv("ADD");
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
}
if (IO.STATIC_FINAL_FIVE != 5) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
IO.writeLine("Benign, fixed string");
} else {
if (data != null) {
String names[] = data.split("-");
int successCount = 0;
Connection dbConnection = null;
PreparedStatement sqlStatement = null;
try {
/* FIX: Use prepared statement and executeBatch (properly) */
dbConnection = IO.getDBConnection();
sqlStatement =
dbConnection.prepareStatement("update users set hitcount=hitcount+1 where name=?");
for (int i = 0; i < names.length; i++) {
sqlStatement.setString(1, names[i]);
sqlStatement.addBatch();
}
int resultsArray[] = sqlStatement.executeBatch();
for (int i = 0; i < names.length; i++) {
if (resultsArray[i] > 0) {
successCount++;
}
}
IO.writeLine("Succeeded in " + successCount + " out of " + names.length + " queries.");
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
} finally {
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
}
}
/* goodB2G() - use badsource and goodsink by changing the conditions on
the second and third for statements */
private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
/* POTENTIAL FLAW: data may be set to null */
data = request.getParameter("CWE690");
for (int for_index_i = 0; for_index_i < 0; for_index_i++) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
/* FIX: Set data to a fixed, non-null String */
data = "CWE690";
}
for (int for_index_j = 0; for_index_j < 0; for_index_j++) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
/* POTENTIAL FLAW: data could be null */
String sOut = data.trim();
IO.writeLine(sOut);
}
for (int for_index_k = 0; for_index_k < 1; for_index_k++) {
/* FIX: explicit check for null */
if (data != null) {
String sOut = data.trim();
IO.writeLine(sOut);
}
}
}
/* goodB2G1() - use badsource and goodsink by changing second IO.staticTrue to IO.staticFalse */
private void goodB2G1() throws Throwable {
String data;
if (IO.staticTrue) {
/* get environment variable ADD */
/* POTENTIAL FLAW: Read data from an environment variable */
data = System.getenv("ADD");
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
}
if (IO.staticFalse) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
IO.writeLine("Benign, fixed string");
} else {
Connection dbConnection = null;
PreparedStatement sqlStatement = null;
ResultSet resultSet = null;
try {
/* FIX: Use prepared statement and executeQuery (properly) */
dbConnection = IO.getDBConnection();
sqlStatement = dbConnection.prepareStatement("select * from users where name=?");
sqlStatement.setString(1, data);
resultSet = sqlStatement.executeQuery();
IO.writeLine(resultSet.getRow()); /* Use ResultSet in some way */
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
} finally {
try {
if (resultSet != null) {
resultSet.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql);
}
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
}
public void bad() throws Throwable {
int data;
if (IO.static_returns_t_or_f()) {
Logger log_bad = Logger.getLogger("local-logger");
/* init data */
data = -1;
/* retrieve the "pid" property */
Properties props = new Properties();
FileInputStream finstr = null;
try {
finstr = new FileInputStream("../common/config.properties");
props.load(finstr);
String s_data = props.getProperty("pid");
data = Integer.parseInt(s_data.trim());
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} catch (NumberFormatException nfe) {
log_bad.warning("Error with number parsing");
} finally {
/* clean up stream reading objects */
try {
if (finstr != null) {
finstr.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
}
}
} else {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded number that won't cause underflow, overflow,
divide by zero, or loss-of-precision issues */
data = 2;
}
if (IO.static_returns_t_or_f()) {
int valueToMult = (new SecureRandom()).nextInt(98) + 2; /* multiply by at least 2 */
if (data > 0) /* ensure we don't have an underflow */ {
/* POTENTIAL FLAW: if (data*valueToMult) > MAX_VALUE, this will overflow */
int result = (data * valueToMult);
IO.writeLine("result: " + result);
}
} else {
int valueToMult = (new SecureRandom()).nextInt(98) + 2; /* multiply by at least 2 */
if (data > 0) /* ensure we don't have an underflow */ {
int result = 0;
/* FIX: Add a check to prevent an overflow from occurring */
if (data <= (Integer.MAX_VALUE / valueToMult)) {
result = (data * valueToMult);
IO.writeLine("result: " + result);
} else {
IO.writeLine("Input value is too large to perform multiplication.");
}
}
}
}
public void bad() throws Throwable {
String data;
/* INCIDENTAL: CWE 571 Statement is Always True */
if (private_final_five == 5) {
Logger log_bad = Logger.getLogger("local-logger");
data = ""; /* init data */
URLConnection conn = (new URL("http://www.example.org/")).openConnection();
BufferedReader buffread = null;
InputStreamReader instrread = null;
try {
/* read input from URLConnection */
instrread = new InputStreamReader(conn.getInputStream());
buffread = new BufferedReader(instrread);
data = buffread.readLine(); // This will be reading the first "line" of the response body,
// which could be very long if there are no newlines in the HTML
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} finally {
/* clean up stream reading objects */
try {
if (buffread != null) {
buffread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
} finally {
try {
if (instrread != null) {
instrread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing instrread");
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
data = "Testing.test";
}
/* INCIDENTAL: CWE 571 Statement is Always True */
if (private_final_five == 5) {
Class<?> c = Class.forName(data); /* FLAW: loading arbitrary class */
Object instance = c.newInstance();
IO.writeLine(instance.toString());
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
if (!data.equals("Testing.test")
&& /* FIX: classname must be one of 2 values */ !data.equals("Test.test")) {
return;
}
Class<?> c = Class.forName(data);
Object instance = c.newInstance();
IO.writeLine(instance.toString());
}
}
/* goodG2B2() - use goodsource and badsink by reversing statements in first if */
private void goodG2B2() throws Throwable {
String data;
/* INCIDENTAL: CWE 571 Statement is Always True */
if (5 == 5) {
data = "Testing.test";
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log_bad = Logger.getLogger("local-logger");
data = ""; /* init data */
/* read user input from console with readLine*/
BufferedReader buffread = null;
InputStreamReader instrread = null;
try {
instrread = new InputStreamReader(System.in);
buffread = new BufferedReader(instrread);
data = buffread.readLine();
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} finally {
/* clean up stream reading objects */
try {
if (buffread != null) {
buffread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
} finally {
try {
if (instrread != null) {
instrread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing instrread");
}
}
}
}
/* INCIDENTAL: CWE 571 Statement is Always True */
if (5 == 5) {
Class<?> c = Class.forName(data); /* FLAW: loading arbitrary class */
Object instance = c.newInstance();
IO.writeLine(instance.toString());
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
if (!data.equals("Testing.test")
&& /* FIX: classname must be one of 2 values */ !data.equals("Test.test")) {
return;
}
Class<?> c = Class.forName(data);
Object instance = c.newInstance();
IO.writeLine(instance.toString());
}
}
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */
private void goodB2G2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
if (privateFive == 5) {
data = ""; /* initialize data in case id is not in query string */
/* POTENTIAL FLAW: Parse id param out of the URL querystring (without using getParameter()) */
{
StringTokenizer tokenizer = new StringTokenizer(request.getQueryString(), "&");
while (tokenizer.hasMoreTokens()) {
String token = tokenizer.nextToken(); /* a token will be like "id=foo" */
if (token.startsWith("id=")) /* check if we have the "id" parameter" */ {
data = token.substring(3); /* set data to "foo" */
break; /* exit while loop */
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
}
if (privateFive == 5) {
Connection dbConnection = null;
PreparedStatement sqlStatement = null;
try {
/* FIX: Use prepared statement and execute (properly) */
dbConnection = IO.getDBConnection();
sqlStatement =
dbConnection.prepareStatement(
"insert into users (status) values ('updated') where name=?");
sqlStatement.setString(1, data);
Boolean result = sqlStatement.execute();
if (result) {
IO.writeLine("Name, " + data + ", updated successfully");
} else {
IO.writeLine("Unable to update records for user: "******"Error getting database connection", exceptSql);
} finally {
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
}
/* goodG2B() - use goodsource and badsink */
private void goodG2B() throws Throwable {
String data_copy;
{
String data;
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
data_copy = data;
}
{
String data = data_copy;
Logger log2 = Logger.getLogger("local-logger");
Connection conn_tmp2 = null;
Statement sqlstatement = null;
ResultSet sqlrs = null;
try {
conn_tmp2 = IO.getDBConnection();
sqlstatement = conn_tmp2.createStatement();
/* POTENTIAL FLAW: take user input and place into dynamic sql query */
sqlrs = sqlstatement.executeQuery("select * from users where name='" + data + "'");
IO.writeString(sqlrs.toString());
} catch (SQLException se) {
log2.warning("Error getting database connection");
} finally {
try {
if (sqlrs != null) {
sqlrs.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlrs");
} finally {
try {
if (sqlstatement != null) {
sqlstatement.close();
}
} catch (SQLException e) {
log2.warning("Error closing sqlstatement");
} finally {
try {
if (conn_tmp2 != null) {
conn_tmp2.close();
}
} catch (SQLException e) {
log2.warning("Error closing conn_tmp2");
}
}
}
}
}
}
/* goodB2G() - use badsource and goodsink */
public void goodB2G_sink(int data) throws Throwable {
/* FIX: test for a zero denominator */
if (data != 0) {
IO.writeLine("100/" + String.valueOf(data) + " = " + (100 / data) + "\n");
} else {
IO.writeLine("This would result in a divide by zero");
}
}
/* goodB2G1() - use badsource and goodsink by changing second privateTrue to privateFalse */
private void goodB2G1(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
if (privateTrue) {
/* POTENTIAL FLAW: Read data from a querystring using getParameter */
data = request.getParameter("name");
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
}
if (privateFalse) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
IO.writeLine("Benign, fixed string");
} else {
Connection dbConnection = null;
PreparedStatement sqlStatement = null;
try {
/* FIX: Use prepared statement and execute (properly) */
dbConnection = IO.getDBConnection();
sqlStatement =
dbConnection.prepareStatement(
"insert into users (status) values ('updated') where name=?");
sqlStatement.setString(1, data);
Boolean result = sqlStatement.execute();
if (result) {
IO.writeLine("Name, " + data + ", updated successfully");
} else {
IO.writeLine("Unable to update records for user: "******"Error getting database connection", exceptSql);
} finally {
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
}
/* goodG2B2() - use goodsource and badsink by reversing statements in first if */
private void goodG2B2() throws Throwable {
int data;
/* INCIDENTAL: CWE 571 Statement is Always True */
if (private_five == 5) {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded number that won't cause underflow, overflow,
divide by zero, or loss-of-precision issues */
data = 2;
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log_bad = Logger.getLogger("local-logger");
/* init data */
data = -1;
/* retrieve the "pid" property */
Properties props = new Properties();
FileInputStream finstr = null;
try {
finstr = new FileInputStream("../common/config.properties");
props.load(finstr);
String s_data = props.getProperty("pid");
data = Integer.parseInt(s_data.trim());
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} catch (NumberFormatException nfe) {
log_bad.warning("Error with number parsing");
} finally {
/* clean up stream reading objects */
try {
if (finstr != null) {
finstr.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
}
}
}
/* INCIDENTAL: CWE 571 Statement is Always True */
if (private_five == 5) {
/* POTENTIAL FLAW: Zero denominator will cause an issue. An integer division will
result in an exception. */
IO.writeLine("bad: 100/" + String.valueOf(data) + " = " + (100 / data) + "\n");
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
/* FIX: test for a zero denominator */
if (data != 0) {
IO.writeLine("100/" + String.valueOf(data) + " = " + (100 / data) + "\n");
} else {
IO.writeLine("This would result in a divide by zero");
}
}
}
private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
int data = goodB2G_source(request, response);
/* FIX: test for a zero denominator */
if (data != 0) {
IO.writeLine("100/" + String.valueOf(data) + " = " + (100 / data) + "\n");
} else {
IO.writeLine("This would result in a divide by zero");
}
}
/* goodG2B() - use goodsource and badsink */
private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
data = "Testing.test";
Class<?> c = Class.forName(data); /* FLAW: loading arbitrary class */
Object instance = c.newInstance();
IO.writeLine(instance.toString());
}
/* goodG2B() - use goodsource and badsink */
private void goodG2B() throws Throwable {
String dataCopy;
{
String data;
/* FIX: Use a hardcoded string */
data = "foo";
dataCopy = data;
}
{
String data = dataCopy;
if (data != null) {
String names[] = data.split("-");
int successCount = 0;
Connection dbConnection = null;
Statement sqlStatement = null;
try {
dbConnection = IO.getDBConnection();
sqlStatement = dbConnection.createStatement();
for (int i = 0; i < names.length; i++) {
/* POTENTIAL FLAW: data concatenated into SQL statement used in executeBatch(), which could result in SQL Injection */
sqlStatement.addBatch(
"update users set hitcount=hitcount+1 where name='" + names[i] + "'");
}
int resultsArray[] = sqlStatement.executeBatch();
for (int i = 0; i < names.length; i++) {
if (resultsArray[i] > 0) {
successCount++;
}
}
IO.writeLine("Succeeded in " + successCount + " out of " + names.length + " queries.");
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
} finally {
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Statament", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
}
}
/* goodG2B1() - use goodsource and badsink by changing first IO.STATIC_FINAL_FIVE==5 to IO.STATIC_FINAL_FIVE!=5 */
private void goodG2B1() throws Throwable {
String data;
if (IO.STATIC_FINAL_FIVE != 5) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
} else {
/* FIX: Use a hardcoded string */
data = "foo";
}
if (IO.STATIC_FINAL_FIVE == 5) {
if (data != null) {
String names[] = data.split("-");
int successCount = 0;
Connection dbConnection = null;
Statement sqlStatement = null;
try {
dbConnection = IO.getDBConnection();
sqlStatement = dbConnection.createStatement();
for (int i = 0; i < names.length; i++) {
/* POTENTIAL FLAW: data concatenated into SQL statement used in executeBatch(), which could result in SQL Injection */
sqlStatement.addBatch(
"update users set hitcount=hitcount+1 where name='" + names[i] + "'");
}
int resultsArray[] = sqlStatement.executeBatch();
for (int i = 0; i < names.length; i++) {
if (resultsArray[i] > 0) {
successCount++;
}
}
IO.writeLine("Succeeded in " + successCount + " out of " + names.length + " queries.");
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
} finally {
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Statament", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
}
}
/* goodG2B() - use goodsource and badsink */
private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String dataCopy;
{
String data;
/* FIX: Use a hardcoded string */
data = "foo";
dataCopy = data;
}
{
String data = dataCopy;
Connection dbConnection = null;
Statement sqlStatement = null;
ResultSet resultSet = null;
try {
dbConnection = IO.getDBConnection();
sqlStatement = dbConnection.createStatement();
/* POTENTIAL FLAW: data concatenated into SQL statement used in executeQuery(), which could result in SQL Injection */
resultSet = sqlStatement.executeQuery("select * from users where name='" + data + "'");
IO.writeLine(resultSet.getRow()); /* Use ResultSet in some way */
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
} finally {
try {
if (resultSet != null) {
resultSet.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql);
}
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
}
/* goodB2G() - use badsource and goodsink */
public void goodB2G_sink(CWE369_Divide_By_Zero__random_modulo_67a.Container data_container)
throws Throwable {
int data = data_container.a;
/* FIX: test for a zero modulus */
if (data != 0) {
IO.writeLine("100%" + String.valueOf(data) + " = " + (100 % data) + "\n");
} else {
IO.writeLine("This would result in a modulo by zero");
}
}
/* goodG2B1() - use goodsource and badsink by changing the first switch to switch(5) */
private void goodG2B1() throws Throwable {
int data;
switch (5) {
case 6:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
{
Logger log_bad = Logger.getLogger("local-logger");
/* init data */
data = -1;
/* get environment variable ADD */
String s_data = System.getenv("ADD");
try {
data = Integer.parseInt(s_data.trim());
} catch (NumberFormatException nfe) {
log_bad.warning("Error with number parsing");
}
}
break;
default:
{
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded number that won't cause underflow, overflow,
divide by zero, or loss-of-precision issues */
data = 2;
}
break;
}
switch (7) {
case 7:
{
int valueToAdd = (new SecureRandom()).nextInt(99) + 1; /* adding at least 1 */
/* POTENTIAL FLAW: if (data+valueToAdd) > MAX_VALUE, this will overflow */
int result = (data + valueToAdd);
IO.writeLine("result: " + result);
}
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
{
int result = 0;
int valueToAdd = (new SecureRandom()).nextInt(99) + 1; /* adding at least 1 */
/* FIX: Add a check to prevent an overflow from occurring */
if (data <= (Integer.MAX_VALUE - valueToAdd)) {
result = (data + valueToAdd);
IO.writeLine("result: " + result);
} else {
IO.writeLine("Input value is too large to perform addition.");
}
}
break;
}
}