/* goodG2B() - use goodsource and badsink */
  /**
   * Supplies the "good" source value for the goodG2B flow: a compile-time constant rather than
   * anything read from outside the program.
   *
   * @return the hardcoded string {@code "foo"}
   * @throws Throwable declared by the signature; nothing in this body throws a checked exception
   */
  private String goodG2B_source() throws Throwable {
    /* logger handle is looked up but never written to in this method */
    final java.util.logging.Logger log_good =
        java.util.logging.Logger.getLogger("local-logger");

    /* FIX: the value is a literal, so no external input can reach the sink through it */
    final String data = "foo";
    return data;
  }
  /* goodG2B() - use goodsource and badsink */
  /**
   * Good source, bad sink: wraps a hardcoded string in a {@code Container} and hands it to
   * {@code goodG2B_sink} on a fresh {@code CWE643_Unsafe_Treatment_of_XPath_Input__URLConnection_67b}.
   *
   * @throws Throwable whatever the sink call propagates
   */
  private void goodG2B() throws Throwable {
    /* logger handle is looked up but never written to in this method */
    final java.util.logging.Logger log_good =
        java.util.logging.Logger.getLogger("local-logger");

    /* FIX: Use a hardcoded string, so the value reaching the sink is not externally controlled */
    final String data = "foo";

    /* the sink takes its input through the container's field, not as a bare String */
    final Container holder = new Container();
    holder.a = data;

    (new CWE643_Unsafe_Treatment_of_XPath_Input__URLConnection_67b()).goodG2B_sink(holder);
  }
  /* goodB2G2() - use badsource and goodsink by reversing the blocks in the second switch  */
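  /**
   * Bad source, good sink: reads the untrusted {@code name} request parameter, splits it into a
   * user name and a password, and encodes both before they are concatenated into an XPath query.
   *
   * <p>Both {@code switch} statements have a constant selector, so only the {@code case} arms
   * run. The {@code default} arms are the test case's deliberate dead code (CWE-561) and keep the
   * alternative source and the unvalidated sink visible for comparison.
   *
   * @param request request whose {@code name} parameter is expected to hold
   *     {@code username||password}
   * @param response not used by this method
   * @throws Throwable anything raised while building or evaluating the XPath query
   */
  private void goodB2G2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    switch (6) {
      case 6:
        {
          Logger log_bad = Logger.getLogger("local-logger");
          /* read parameter from request: untrusted, and null when the parameter is absent */
          data = request.getParameter("name");
        }
        break;
      default:
        /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
        {
          java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
          /* FIX: Use a hardcoded string */
          data = "foo";
        }
        break;
    }

    /* a missing parameter leaves nothing to look up; stop here instead of failing in split() */
    if (data == null) {
      return;
    }

    switch (7) {
      case 7:
        {
          final String xmldoc =
              "\\src\\testcases\\CWE643_Unsafe_Treatment_of_XPath_Input\\console_to_evaluate\\CWE643_Unsafe_Treatment_of_XPath_Input__helper.xml";
          /* assume username||password as source.
           * String.split takes a regex, and a bare "||" is an empty alternation that matches
           * between every character, so the pipes are escaped to split on the literal delimiter.
           */
          String[] tokens = data.split("\\|\\|");
          if (tokens.length < 2) {
            return;
          }
          /* FIX: validate input using StringEscapeUtils */
          /* NOTE(review): escapeXml is an XML-context encoder. Assuming it is the Apache Commons
           * Lang implementation, it rewrites quote characters as entities, which keeps the input
           * inside the quoted XPath literal but also alters legitimate values that contain those
           * characters. Binding the values through an XPathVariableResolver ($uname, $pword)
           * avoids string concatenation altogether and is the context-correct defence.
           */
          String uname = StringEscapeUtils.escapeXml(tokens[0]);
          String pword = StringEscapeUtils.escapeXml(tokens[1]);
          /* build xpath */
          XPath xp = XPathFactory.newInstance().newXPath();
          InputSource inxml = new InputSource(xmldoc);
          String query =
              "//users/user[name/text()='"
                  + uname
                  + "' and pass/text()='"
                  + pword
                  + "']"
                  + "/secret/text()";
          /* the looked-up value is not used further in this test case */
          String secret = (String) xp.evaluate(query, inxml, XPathConstants.STRING);
        }
        break;
      default:
        /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
        {
          final String xmldoc =
              "\\src\\testcases\\CWE643_Unsafe_Treatment_of_XPath_Input\\console_to_evaluate\\CWE643_Unsafe_Treatment_of_XPath_Input__helper.xml";
          /* assume username||password as source (literal delimiter, see the live arm above) */
          String[] tokens = data.split("\\|\\|");
          if (tokens.length < 2) {
            return;
          }
          String uname = tokens[0];
          String pword = tokens[1];
          /* build xpath */
          XPath xp = XPathFactory.newInstance().newXPath();
          InputSource inxml = new InputSource(xmldoc);
          /* INCIDENTAL: CWE180 Incorrect Behavior Order: Validate Before Canonicalize
           * The user input should be canonicalized before validation.
           */
          /* FLAW: user input is used without validate.
           * Kept only as the unreachable reference sink: uname and pword enter the quoted
           * literals unchanged, so their content can alter the structure of the predicate.
           */
          String query =
              "//users/user[name/text()='"
                  + uname
                  + "' and pass/text()='"
                  + pword
                  + "']"
                  + "/secret/text()";
          String secret = (String) xp.evaluate(query, inxml, XPathConstants.STRING);
        }
        break;
    }
  }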
  /* goodB2G2() - use badsource and goodsink by reversing statements in second if  */
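  /**
   * Bad source, good sink: looks up a user name in the database for an id typed on the console,
   * treats the stored value as untrusted, and encodes it before it is concatenated into an XPath
   * query.
   *
   * <p>Both conditions call {@code IO.static_returns_t()}; per the test case's own comments the
   * {@code else} branches are deliberate dead code (CWE-561) that keep the alternative source and
   * the unvalidated sink visible for comparison.
   *
   * @throws Throwable anything raised by the database lookup or the XPath evaluation that is not
   *     handled locally (for example {@code SQLException} from the query itself)
   */
  private void goodB2G2() throws Throwable {
    String data;
    if (IO.static_returns_t()) {
      Logger log_bad = Logger.getLogger("local-logger");
      data = ""; /* init data */
      Connection conn = null;
      PreparedStatement statement = null;
      ResultSet rs = null;
      BufferedReader buffread = null;
      InputStreamReader instrread = null;
      try {
        /* setup the connection */
        conn = IO.getDBConnection();
        /* prepare the query: the id is bound as a parameter, not concatenated */
        statement = conn.prepareStatement("select name from users where id=?");
        /* get user input for the userid */
        IO.writeLine("Enter a userid to login as (number): ");
        instrread = new InputStreamReader(System.in);
        buffread = new BufferedReader(instrread);
        int num = Integer.parseInt(buffread.readLine());
        statement.setInt(1, num);
        rs = statement.executeQuery();
        /* a new ResultSet is positioned before the first row; advance before reading, and keep
         * the empty default when no user has that id */
        if (rs.next()) {
          data = rs.getString(1);
        }
      } catch (IOException ioe) {
        log_bad.warning("Error with stream reading");
      } catch (NumberFormatException nfe) {
        /* raised for non-numeric input and for end-of-stream (readLine() returned null) */
        log_bad.warning("Error parsing userid");
      } finally {
        /* clean up stream reading objects */
        try {
          if (buffread != null) {
            buffread.close();
          }
        } catch (IOException ioe) {
          log_bad.warning("Error closing buffread");
        } finally {
          try {
            if (instrread != null) {
              instrread.close();
            }
          } catch (IOException ioe) {
            log_bad.warning("Error closing instrread");
          }
        }

        /* clean up database objects, innermost first; each close is attempted even if an
         * earlier one failed */
        try {
          if (rs != null) {
            rs.close();
          }
        } catch (SQLException se) {
          log_bad.warning("Error closing rs");
        } finally {
          try {
            if (statement != null) {
              statement.close();
            }
          } catch (SQLException se) {
            log_bad.warning("Error closing statement");
          } finally {
            try {
              if (conn != null) {
                conn.close();
              }
            } catch (SQLException se) {
              log_bad.warning("Error closing conn");
            }
          }
        }
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

      /* FIX: Use a hardcoded string */
      data = "foo";
    }

    /* getString() yields null for a SQL NULL column; nothing to look up in that case */
    if (data == null) {
      return;
    }

    if (IO.static_returns_t()) {
      final String xmldoc =
          "\\src\\testcases\\CWE643_Unsafe_Treatment_of_XPath_Input\\console_to_evaluate\\CWE643_Unsafe_Treatment_of_XPath_Input__helper.xml";
      /* assume username||password as source.
       * String.split takes a regex, and a bare "||" is an empty alternation that matches between
       * every character, so the pipes are escaped to split on the literal delimiter.
       */
      String[] tokens = data.split("\\|\\|");
      if (tokens.length < 2) {
        return;
      }
      /* FIX: validate input using StringEscapeUtils */
      /* NOTE(review): escapeXml is an XML-context encoder. Assuming it is the Apache Commons Lang
       * implementation, it rewrites quote characters as entities, which keeps the input inside
       * the quoted XPath literal but also alters legitimate values that contain those characters.
       * Binding the values through an XPathVariableResolver ($uname, $pword) avoids string
       * concatenation altogether and is the context-correct defence.
       */
      String uname = StringEscapeUtils.escapeXml(tokens[0]);
      String pword = StringEscapeUtils.escapeXml(tokens[1]);
      /* build xpath */
      XPath xp = XPathFactory.newInstance().newXPath();
      InputSource inxml = new InputSource(xmldoc);
      String query =
          "//users/user[name/text()='"
              + uname
              + "' and pass/text()='"
              + pword
              + "']"
              + "/secret/text()";
      /* the looked-up value is not used further in this test case */
      String secret = (String) xp.evaluate(query, inxml, XPathConstants.STRING);
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      final String xmldoc =
          "\\src\\testcases\\CWE643_Unsafe_Treatment_of_XPath_Input\\console_to_evaluate\\CWE643_Unsafe_Treatment_of_XPath_Input__helper.xml";

      /* assume username||password as source (literal delimiter, see the live branch above) */
      String[] tokens = data.split("\\|\\|");
      if (tokens.length < 2) {
        return;
      }
      String uname = tokens[0];
      String pword = tokens[1];

      /* build xpath */
      XPath xp = XPathFactory.newInstance().newXPath();
      InputSource inxml = new InputSource(xmldoc);
      /* INCIDENTAL: CWE180 Incorrect Behavior Order: Validate Before Canonicalize
       * The user input should be canonicalized before validation.
       */
      /* FLAW: user input is used without validate.
       * Kept only as the unreachable reference sink: uname and pword enter the quoted literals
       * unchanged, so their content can alter the structure of the predicate.
       */
      String query =
          "//users/user[name/text()='"
              + uname
              + "' and pass/text()='"
              + pword
              + "']"
              + "/secret/text()";
      String secret = (String) xp.evaluate(query, inxml, XPathConstants.STRING);
    }
  }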
  /*
   * bad() - the deliberately flawed variant of this CWE-643 test case: the ADD environment
   * variable is read and concatenated, unencoded, into an XPath query that is then evaluated
   * against the helper XML document.
   *
   * The code is left exactly as the test suite ships it; the notes below only explain it.
   * Throws whatever the XPath evaluation raises (the signature declares Throwable).
   */
  public void bad() throws Throwable {
    String data;
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (private_returns_t()) {
      /* logger handle is looked up but never written to in this branch */
      Logger log_bad = Logger.getLogger("local-logger");
      /* get environment variable ADD (the untrusted source for this variant) */
      /* NOTE(review): System.getenv returns null when the variable is unset, in which case the
       * data.split call below throws NullPointerException before the sink is reached. */
      data = System.getenv("ADD");
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

      /* FIX: Use a hardcoded string */
      data = "foo";
    }
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (private_returns_t()) {
      final String xmldoc =
          "\\src\\testcases\\CWE643_Unsafe_Treatment_of_XPath_Input\\console_to_evaluate\\CWE643_Unsafe_Treatment_of_XPath_Input__helper.xml";
      /* assume username||password as source */
      /* NOTE(review): String.split takes a regex, and "||" is an empty alternation that matches
       * between every character, so this does not split on the literal "||" delimiter; tokens[0]
       * and tokens[1] end up as the first two characters of data. Splitting on "\\|\\|" would
       * match the stated intent. */
      String[] tokens = data.split("||");
      if (tokens.length < 2) {
        return;
      }
      /* both fields are taken as-is: no encoding or validation happens before the sink */
      String uname = tokens[0];
      String pword = tokens[1];
      /* build xpath */
      XPath xp = XPathFactory.newInstance().newXPath();
      InputSource inxml = new InputSource(xmldoc);
      /* INCIDENTAL: CWE180 Incorrect Behavior Order: Validate Before Canonicalize
       * The user input should be canonicalized before validation.
       */
      /* FLAW: user input is used without validate.
       * uname and pword are placed inside single-quoted XPath literals by string concatenation,
       * so a quote character in either value ends the literal and the rest is parsed as part of
       * the expression. What a static analyzer should report here is the data flow from
       * System.getenv to xp.evaluate. The else branch shows this test case's fix (encoding the
       * values); binding them through an XPathVariableResolver removes the concatenation
       * entirely.
       */
      String query =
          "//users/user[name/text()='"
              + uname
              + "' and pass/text()='"
              + pword
              + "']"
              + "/secret/text()";
      /* the looked-up value is not used further in this test case */
      String secret = (String) xp.evaluate(query, inxml, XPathConstants.STRING);
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      final String xmldoc =
          "\\src\\testcases\\CWE643_Unsafe_Treatment_of_XPath_Input\\console_to_evaluate\\CWE643_Unsafe_Treatment_of_XPath_Input__helper.xml";

      /* assume username||password as source (same regex caveat as in the branch above) */
      String[] tokens = data.split("||");
      if (tokens.length < 2) {
        return;
      }

      /* FIX: validate input using StringEscapeUtils */
      /* NOTE(review): escapeXml is an XML-context encoder rather than an XPath one; presumably
       * it rewrites quote characters as entities, which would keep the values inside the quoted
       * literals. Confirm against the StringEscapeUtils implementation in use. */
      String uname = StringEscapeUtils.escapeXml(tokens[0]);
      String pword = StringEscapeUtils.escapeXml(tokens[1]);

      /* build xpath */
      XPath xp = XPathFactory.newInstance().newXPath();
      InputSource inxml = new InputSource(xmldoc);

      String query =
          "//users/user[name/text()='"
              + uname
              + "' and pass/text()='"
              + pword
              + "']"
              + "/secret/text()";
      String secret = (String) xp.evaluate(query, inxml, XPathConstants.STRING);
    }
  }