/* goodG2B() - use GoodSource and BadSink */ private void goodG2B() throws Throwable { int count; /* FIX: Use a hardcoded number that won't cause underflow, overflow, divide by zero, or loss-of-precision issues */ count = 2; CWE400_Resource_Exhaustion__database_for_loop_81_base baseObject = new CWE400_Resource_Exhaustion__database_for_loop_81_goodG2B(); baseObject.action(count); }
public void bad() throws Throwable { int count; count = Integer.MIN_VALUE; /* Initialize count */ /* Read count from a database */ { Connection connection = null; PreparedStatement preparedStatement = null; ResultSet resultSet = null; try { /* setup the connection */ connection = IO.getDBConnection(); /* prepare and execute a (hardcoded) query */ preparedStatement = connection.prepareStatement("select name from users where id=0"); resultSet = preparedStatement.executeQuery(); /* POTENTIAL FLAW: Read count from a database query resultset */ String stringNumber = resultSet.getString(1); if (stringNumber != null) /* avoid NPD incidental warnings */ { try { count = Integer.parseInt(stringNumber.trim()); } catch (NumberFormatException exceptNumberFormat) { IO.logger.log( Level.WARNING, "Number format exception parsing count from string", exceptNumberFormat); } } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error with SQL statement", exceptSql); } finally { /* Close database objects */ try { if (resultSet != null) { resultSet.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql); } try { if (preparedStatement != null) { preparedStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql); } try { if (connection != null) { connection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } CWE400_Resource_Exhaustion__database_for_loop_81_base baseObject = new CWE400_Resource_Exhaustion__database_for_loop_81_bad(); baseObject.action(count); }