/* goodG2B1() - use goodsource and badsink by changing privateTrue to privateFalse */ private void goodG2B1() throws Throwable { String data; if (privateFalse) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } else { /* FIX: Use a hardcoded string */ data = "foo"; } String osCommand; if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) { /* running on Windows */ osCommand = "c:\\WINDOWS\\SYSTEM32\\cmd.exe /c dir "; } else { /* running on non-Windows */ osCommand = "/bin/ls "; } /* POTENTIAL FLAW: command injection */ Process process = Runtime.getRuntime().exec(osCommand + data); process.waitFor(); }
/* goodG2B2() - use goodsource and badsink by reversing statements in if */ private void goodG2B2() throws Throwable { String data; if (IO.static_returns_t()) { java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger"); /* FIX: Use a hardcoded string */ data = "foo"; } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ Logger log_bad = Logger.getLogger("local-logger"); data = ""; /* init data */ File f = new File("C:\\data.txt"); BufferedReader buffread = null; FileReader fread = null; try { /* read string from file into data */ fread = new FileReader(f); buffread = new BufferedReader(fread); data = buffread.readLine(); // This will be reading the first "line" of the file, which // could be very long if there are little or no newlines in the file\ } catch (IOException ioe) { log_bad.warning("Error with stream reading"); } catch (NumberFormatException nfe) { log_bad.warning("Error with number parsing"); } finally { /* clean up stream reading objects */ try { if (buffread != null) { buffread.close(); } } catch (IOException ioe) { log_bad.warning("Error closing buffread"); } finally { try { if (fread != null) { fread.close(); } } catch (IOException ioe) { log_bad.warning("Error closing fread"); } } } } String osCommand; if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) { /* running on Windows */ osCommand = "c:\\WINDOWS\\SYSTEM32\\cmd.exe /c dir "; } else { /* running on non-Windows */ osCommand = "/bin/ls "; } /* POTENTIAL FLAW: command injection */ Process p = Runtime.getRuntime().exec(osCommand + data); p.waitFor(); }
/* uses badsource and badsink */ public void bad() throws Throwable { String data; if (privateTrue) { /* get system property user.home */ /* POTENTIAL FLAW: Read data from a system property */ data = System.getProperty("user.home"); } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } String osCommand; if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) { /* running on Windows */ osCommand = "c:\\WINDOWS\\SYSTEM32\\cmd.exe /c dir "; } else { /* running on non-Windows */ osCommand = "/bin/ls "; } /* POTENTIAL FLAW: command injection */ Process process = Runtime.getRuntime().exec(osCommand + data); process.waitFor(); }
public void action(String data) throws Throwable { String osCommand; if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) { /* running on Windows */ osCommand = "c:\\WINDOWS\\SYSTEM32\\cmd.exe /c dir "; } else { /* running on non-Windows */ osCommand = "/bin/ls "; } /* POTENTIAL FLAW: command injection */ Process process = Runtime.getRuntime().exec(osCommand + data); process.waitFor(); }
/* goodG2B() - use goodsource and badsink */ public void goodG2B_sink() throws Throwable { String data = CWE78_OS_Command_Injection__console_readLine_68a.data; String osCommand; if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) { /* running on Windows */ osCommand = "c:\\WINDOWS\\SYSTEM32\\cmd.exe /c dir "; } else { /* running on non-Windows */ osCommand = "/bin/ls "; } /* POTENTIAL FLAW: command injection */ Process p = Runtime.getRuntime().exec(osCommand + data); p.waitFor(); }
/* goodG2B() - use goodsource and badsink */ private void goodG2B() throws Throwable { String data = (new CWE78_OS_Command_Injection__fromDB_61b()).goodG2B_source(); String osCommand; if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) { /* running on Windows */ osCommand = "c:\\WINDOWS\\SYSTEM32\\cmd.exe /c dir "; } else { /* running on non-Windows */ osCommand = "/bin/ls "; } /* POTENTIAL FLAW: command injection */ Process p = Runtime.getRuntime().exec(osCommand + data); p.waitFor(); }
/* uses badsource and badsink */ public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable { String data; if (true) { /* POTENTIAL FLAW: Read data from a querystring using getParameter */ data = request.getParameter("name"); } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } String osCommand; if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) { /* running on Windows */ osCommand = "c:\\WINDOWS\\SYSTEM32\\cmd.exe /c dir "; } else { /* running on non-Windows */ osCommand = "/bin/ls "; } /* POTENTIAL FLAW: command injection */ Process process = Runtime.getRuntime().exec(osCommand + data); process.waitFor(); }
/* uses badsource and badsink */ public void bad() throws Throwable { String data; if (private_t) { Logger log_bad = Logger.getLogger("local-logger"); data = ""; /* init data */ Connection conn = null; PreparedStatement statement = null; ResultSet rs = null; BufferedReader buffread = null; InputStreamReader instrread = null; try { /* setup the connection */ conn = IO.getDBConnection(); /* prepare the query */ statement = conn.prepareStatement("select name from users where id=?"); /* get user input for the userid */ IO.writeLine("Enter a userid to login as (number): "); instrread = new InputStreamReader(System.in); buffread = new BufferedReader(instrread); int num = Integer.parseInt(buffread.readLine()); statement.setInt(1, num); rs = statement.executeQuery(); data = rs.getString(1); } catch (IOException ioe) { log_bad.warning("Error with stream reading"); } finally { /* clean up stream reading objects */ try { if (buffread != null) { buffread.close(); } } catch (IOException ioe) { log_bad.warning("Error closing buffread"); } finally { try { if (instrread != null) { instrread.close(); } } catch (IOException ioe) { log_bad.warning("Error closing instrread"); } } /* clean up database objects */ try { if (rs != null) { rs.close(); } } catch (SQLException se) { log_bad.warning("Error closing rs"); } finally { try { if (statement != null) { statement.close(); } } catch (SQLException se) { log_bad.warning("Error closing statement"); } finally { try { if (conn != null) { conn.close(); } } catch (SQLException se) { log_bad.warning("Error closing conn"); } } } } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger"); /* FIX: Use a hardcoded string */ data = "foo"; } String osCommand; if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) { /* running on Windows */ osCommand = "c:\\WINDOWS\\SYSTEM32\\cmd.exe /c dir "; } else { /* running on non-Windows */ osCommand = "/bin/ls "; } /* POTENTIAL FLAW: command injection */ Process p = Runtime.getRuntime().exec(osCommand + data); p.waitFor(); }
/** * The execute method on the Suspend command. This method is executed in the ejb command target. * * @throws CommandException necessary to fullfill abstract method signature * @throws EPlatformException thrown when the remote instance of the Controller can not be * created. */ public void execute() throws ie.ucd.srg.logica.eplatform.command.CommandException, EPlatformException { LogHelper.log(LogHelper.INFO, "[SuspendCommand.exeute] execute "); boolean bBackupFailed = false; try { /* init the variabeles */ Hashtable htProps = new Hashtable(); htProps.put( Context.INITIAL_CONTEXT_FACTORY, JNDIProperties.getProperty(JNDIProperties.CONTROLLER_CONTEXT_FACTORY)); htProps.put( Context.PROVIDER_URL, JNDIProperties.getProperty(JNDIProperties.CONTROLLER_PROVIDER)); /* init the context */ InitialContext icContext = new InitialContext(htProps); /* lookup the controller */ Object obj = icContext.lookup(JNDIProperties.getProperty(JNDIProperties.CONTROLLER_NAME)); /* create the controller */ ControllerHome xControllerHome = (ControllerHome) PortableRemoteObject.narrow(obj, ControllerHome.class); Controller xController = xControllerHome.create(); // Verify pincodes. If validated then continue with change of state g_crCallResult = xController.checkPinCode(sPincode1, sPincode2); if (g_crCallResult.getResult() == CallResult.RESULT_OK) { // change state to suspended g_crCallResult = xController.suspend(); try { /* Call script to backup database to removable medium */ String sBackupPath = TechnicalProps.getProperty(TechnicalProps.BACKUP_SCRIPT); LogHelper.log(LogHelper.INFO, "[SuspendCommand.exeute] Start creating backup..."); if (sBackupPath != null) { Process xProcess = Runtime.getRuntime().exec(sBackupPath); int iProcessRes = xProcess.waitFor(); if (iProcessRes != 0) { bBackupFailed = true; KOALogHelper.log( KOALogHelper.ERROR, "Error executing script for backup to fs (suspend state) code = " + iProcessRes); } else { bBackupFailed = false; String sMessage = ie.ucd.srg.logica.eplatform.error.ErrorMessageFactory.getErrorMessageFactory() .getErrorMessage(ErrorConstants.CREATE_BACKUP_OK, null); KOALogHelper.audit( KOALogHelper.INFO, AuditEventListener.STATE_CHANGE, "SuspendElection", g_sUser, sMessage); // set callresult for backup g_crCallResult.setBackupResult(sMessage); LogHelper.log(LogHelper.INFO, "[SuspendCommand.exeute] backup created OK..."); } } } catch (java.lang.InterruptedException xInterruptedExc) { bBackupFailed = true; KOALogHelper.logErrorCode( "SuspendCommand.execute", ErrorConstants.UNABLE_TO_START_BACKUP_SCRIPT, null, xInterruptedExc); } catch (java.io.IOException xioExc) { bBackupFailed = true; String[] params = {"backupscript"}; KOALogHelper.logErrorCode( "SuspendCommand.execute", ErrorConstants.ERR_IO, params, xioExc); } } } catch (NamingException ne) { String[] params = {"Controller"}; KOALogHelper.logErrorCode("SuspendCommand.execute", ErrorConstants.ERR_NAMING, params, ne); throw new KOAException(ErrorConstants.COMMAND_SUSPEND_EXEC, ne); } catch (RemoteException re) { String[] params = {"Controller"}; KOALogHelper.logErrorCode("SuspendCommand.execute", ErrorConstants.ERR_REMOTE, params, re); throw new KOAException(ErrorConstants.COMMAND_SUSPEND_EXEC, re); } catch (CreateException ce) { String[] params = {"Controller"}; KOALogHelper.logErrorCode("SuspendCommand.execute", ErrorConstants.ERR_CREATE, params, ce); throw new KOAException(ErrorConstants.COMMAND_SUSPEND_EXEC, ce); } catch (KOAException koae) { KOALogHelper.logError("SuspendCommand.execute", "KOAException", koae); throw koae; } // Always perform the following code, to check if the backup was successful finally { if (bBackupFailed) { try { String sMessage = ie.ucd.srg.logica.eplatform.error.ErrorMessageFactory.getErrorMessageFactory() .getErrorMessage(ErrorConstants.CREATE_BACKUP_ERROR, null); KOALogHelper.audit( KOALogHelper.ERROR, AuditEventListener.STATE_CHANGE, "SuspendElection", g_sUser, sMessage); g_crCallResult.setBackupResult(sMessage); LogHelper.log( LogHelper.ERROR, "[SuspendCommand.exeute] Error occured with result that back up is not created..."); } catch (java.io.IOException ioe) { String[] params = {"Error message factory"}; KOALogHelper.logErrorCode("SuspendCommand.execute", ErrorConstants.ERR_IO, params, ioe); } } } }
/* uses badsource and badsink */ public void bad() throws Throwable { String data; if (IO.STATIC_FINAL_TRUE) { data = ""; /* Initialize data */ /* Read data from a database */ { Connection connection = null; PreparedStatement preparedStatement = null; ResultSet resultSet = null; try { /* setup the connection */ connection = IO.getDBConnection(); /* prepare and execute a (hardcoded) query */ preparedStatement = connection.prepareStatement("select name from users where id=0"); resultSet = preparedStatement.executeQuery(); /* POTENTIAL FLAW: Read data from a database query resultset */ data = resultSet.getString(1); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error with SQL statement", exceptSql); } finally { /* Close database objects */ try { if (resultSet != null) { resultSet.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql); } try { if (preparedStatement != null) { preparedStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql); } try { if (connection != null) { connection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } String osCommand; if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) { /* running on Windows */ osCommand = "c:\\WINDOWS\\SYSTEM32\\cmd.exe /c dir "; } else { /* running on non-Windows */ osCommand = "/bin/ls "; } /* POTENTIAL FLAW: command injection */ Process process = Runtime.getRuntime().exec(osCommand + data); process.waitFor(); }