/* goodG2B() - use goodsource and badsink */ public void goodG2BSink(String data) throws Throwable { Connection dbConnection = null; Statement sqlStatement = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); /* POTENTIAL FLAW: data concatenated into SQL statement used in executeUpdate(), which could result in SQL Injection */ int rowCount = sqlStatement.executeUpdate( "insert into users (status) values ('updated') where name='" + data + "'"); IO.writeLine("Updated " + rowCount + " rows successfully."); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } }
/* goodG2B() - use goodsource and badsink */ private void goodG2B() throws Throwable { String data_copy; { String data; java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger"); /* FIX: Use a hardcoded string */ data = "foo"; data_copy = data; } { String data = data_copy; Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; Statement sqlstatement = null; ResultSet sqlrs = null; try { conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.createStatement(); /* POTENTIAL FLAW: take user input and place into dynamic sql query */ sqlrs = sqlstatement.executeQuery("select * from users where name='" + data + "'"); IO.writeString(sqlrs.toString()); } catch (SQLException se) { log2.warning("Error getting database connection"); } finally { try { if (sqlrs != null) { sqlrs.close(); } } catch (SQLException e) { log2.warning("Error closing sqlrs"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } } }
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable { String data; if (privateFive == 5) { data = ""; /* initialize data in case id is not in query string */ /* POTENTIAL FLAW: Parse id param out of the URL querystring (without using getParameter()) */ { StringTokenizer tokenizer = new StringTokenizer(request.getQueryString(), "&"); while (tokenizer.hasMoreTokens()) { String token = tokenizer.nextToken(); /* a token will be like "id=foo" */ if (token.startsWith("id=")) /* check if we have the "id" parameter" */ { data = token.substring(3); /* set data to "foo" */ break; /* exit while loop */ } } } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } if (privateFive == 5) { Connection dbConnection = null; Statement sqlStatement = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); /* POTENTIAL FLAW: data concatenated into SQL statement used in execute(), which could result in SQL Injection */ Boolean result = sqlStatement.execute( "insert into users (status) values ('updated') where name='" + data + "'"); if (result) { IO.writeLine("Name, " + data + ", updated successfully"); } else { IO.writeLine("Unable to update records for user: "******"Error getting database connection", exceptSql); } finally { try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } }
/* goodG2B() - use goodsource and badsink */ private void goodG2B() throws Throwable { String dataCopy; { String data; /* FIX: Use a hardcoded string */ data = "foo"; dataCopy = data; } { String data = dataCopy; if (data != null) { String names[] = data.split("-"); int successCount = 0; Connection dbConnection = null; Statement sqlStatement = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); for (int i = 0; i < names.length; i++) { /* POTENTIAL FLAW: data concatenated into SQL statement used in executeBatch(), which could result in SQL Injection */ sqlStatement.addBatch( "update users set hitcount=hitcount+1 where name='" + names[i] + "'"); } int resultsArray[] = sqlStatement.executeBatch(); for (int i = 0; i < names.length; i++) { if (resultsArray[i] > 0) { successCount++; } } IO.writeLine("Succeeded in " + successCount + " out of " + names.length + " queries."); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statament", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } } }
/* goodG2B1() - use goodsource and badsink by changing first IO.STATIC_FINAL_FIVE==5 to IO.STATIC_FINAL_FIVE!=5 */ private void goodG2B1() throws Throwable { String data; if (IO.STATIC_FINAL_FIVE != 5) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } else { /* FIX: Use a hardcoded string */ data = "foo"; } if (IO.STATIC_FINAL_FIVE == 5) { if (data != null) { String names[] = data.split("-"); int successCount = 0; Connection dbConnection = null; Statement sqlStatement = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); for (int i = 0; i < names.length; i++) { /* POTENTIAL FLAW: data concatenated into SQL statement used in executeBatch(), which could result in SQL Injection */ sqlStatement.addBatch( "update users set hitcount=hitcount+1 where name='" + names[i] + "'"); } int resultsArray[] = sqlStatement.executeBatch(); for (int i = 0; i < names.length; i++) { if (resultsArray[i] > 0) { successCount++; } } IO.writeLine("Succeeded in " + successCount + " out of " + names.length + " queries."); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statament", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } } }
/* goodG2B() - use goodsource and badsink */ private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable { String dataCopy; { String data; /* FIX: Use a hardcoded string */ data = "foo"; dataCopy = data; } { String data = dataCopy; Connection dbConnection = null; Statement sqlStatement = null; ResultSet resultSet = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); /* POTENTIAL FLAW: data concatenated into SQL statement used in executeQuery(), which could result in SQL Injection */ resultSet = sqlStatement.executeQuery("select * from users where name='" + data + "'"); IO.writeLine(resultSet.getRow()); /* Use ResultSet in some way */ } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (resultSet != null) { resultSet.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql); } try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } }
/* goodG2B1() - use goodsource and badsink by changing first IO.STATIC_FINAL_FIVE==5 to IO.STATIC_FINAL_FIVE!=5 */ private void goodG2B1() throws Throwable { String data; if (IO.STATIC_FINAL_FIVE != 5) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } else { /* FIX: Use a hardcoded string */ data = "foo"; } if (IO.STATIC_FINAL_FIVE == 5) { Connection dbConnection = null; Statement sqlStatement = null; ResultSet resultSet = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); /* POTENTIAL FLAW: data concatenated into SQL statement used in executeQuery(), which could result in SQL Injection */ resultSet = sqlStatement.executeQuery("select * from users where name='" + data + "'"); IO.writeLine(resultSet.getRow()); /* Use ResultSet in some way */ } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (resultSet != null) { resultSet.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql); } try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } }
public void bad() throws Throwable { String data; if (IO.staticTrue) { /* get environment variable ADD */ /* POTENTIAL FLAW: Read data from an environment variable */ data = System.getenv("ADD"); } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } if (IO.staticTrue) { Connection dbConnection = null; Statement sqlStatement = null; ResultSet resultSet = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); /* POTENTIAL FLAW: data concatenated into SQL statement used in executeQuery(), which could result in SQL Injection */ resultSet = sqlStatement.executeQuery("select * from users where name='" + data + "'"); IO.writeLine(resultSet.getRow()); /* Use ResultSet in some way */ } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (resultSet != null) { resultSet.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql); } try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } }
/* goodG2B() - use goodsource and badsink */ public void goodG2B_sink(String data_array[]) throws Throwable { String data = data_array[2]; String names[] = data.split("-"); int iSuccess = 0; Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; Statement sqlstatement = null; try { conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.createStatement(); for (int i = 0; i < names.length; ++i) { /* POTENTIAL FLAW: take user input and place into dynamic sql query */ sqlstatement.addBatch("update users set hitcount=hitcount+1 where name='" + names[i] + "'"); } int dbResults[] = sqlstatement.executeBatch(); for (int i = 0; i < names.length; ++i) { if (dbResults[i] > 0) { iSuccess++; } } IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries."); } catch (SQLException se) { log2.warning("Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } }
/* goodG2B2() - use goodsource and badsink by reversing statements in first if */ private void goodG2B2() throws Throwable { String data; if (IO.staticReturnsTrue()) { /* FIX: Use a hardcoded string */ data = "foo"; } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } if (IO.staticReturnsTrue()) { Connection dbConnection = null; Statement sqlStatement = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); /* POTENTIAL FLAW: data concatenated into SQL statement used in execute(), which could result in SQL Injection */ Boolean result = sqlStatement.execute( "insert into users (status) values ('updated') where name='" + data + "'"); if (result) { IO.writeLine("Name, " + data + ", updated successfully"); } else { IO.writeLine("Unable to update records for user: "******"Error getting database connection", exceptSql); } finally { try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } }
public void bad() throws Throwable { String data; if (PRIVATE_STATIC_FINAL_TRUE) { /* get environment variable ADD */ /* POTENTIAL FLAW: Read data from an environment variable */ data = System.getenv("ADD"); } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } if (PRIVATE_STATIC_FINAL_TRUE) { Connection dbConnection = null; Statement sqlStatement = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); /* POTENTIAL FLAW: data concatenated into SQL statement used in execute(), which could result in SQL Injection */ Boolean result = sqlStatement.execute( "insert into users (status) values ('updated') where name='" + data + "'"); if (result) { IO.writeLine("Name, " + data + ", updated successfully"); } else { IO.writeLine("Unable to update records for user: "******"Error getting database connection", exceptSql); } finally { try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } }
/* goodG2B() - use goodsource and badsink */ public void goodG2B_sink(String data, HttpServletRequest request, HttpServletResponse response) throws Throwable { Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; Statement sqlstatement = null; ResultSet sqlrs = null; try { conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.createStatement(); /* POTENTIAL FLAW: take user input and place into dynamic sql query */ sqlrs = sqlstatement.executeQuery("select * from users where name='" + data + "'"); IO.writeString(sqlrs.toString()); } catch (SQLException se) { log2.warning("Error getting database connection"); } finally { try { if (sqlrs != null) { sqlrs.close(); } } catch (SQLException e) { log2.warning("Error closing sqlrs"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } }
/* goodG2B() - use GoodSource and BadSink */ public void goodG2BSink(HashMap<Integer, String> dataHashMap) throws Throwable { String data = dataHashMap.get(2); Connection dbConnection = null; Statement sqlStatement = null; ResultSet resultSet = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); /* POTENTIAL FLAW: data concatenated into SQL statement used in executeQuery(), which could result in SQL Injection */ resultSet = sqlStatement.executeQuery("select * from users where name='" + data + "'"); IO.writeLine(resultSet.getRow()); /* Use ResultSet in some way */ } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (resultSet != null) { resultSet.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql); } try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } }
public void bad() throws Throwable { String data = bad_source(); Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; Statement sqlstatement = null; try { conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.createStatement(); /* POTENTIAL FLAW: value of "name" taken directly from an untrusted source and inserted into a command string executed against a SQL interpreter */ Boolean bResult = sqlstatement.execute( "insert into users (status) values ('updated') where name='" + data + "'"); if (bResult) { IO.writeString("Name, " + data + ", updated successfully"); } else { IO.writeString("Unable to update records for user: "******"Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } }
/* goodG2B() - use goodsource and badsink */ public void goodG2BSink(String data, HttpServletRequest request, HttpServletResponse response) throws Throwable { Connection dbConnection = null; Statement sqlStatement = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); /* POTENTIAL FLAW: data concatenated into SQL statement used in execute(), which could result in SQL Injection */ Boolean result = sqlStatement.execute( "insert into users (status) values ('updated') where name='" + data + "'"); if (result) { IO.writeLine("Name, " + data + ", updated successfully"); } else { IO.writeLine("Unable to update records for user: "******"Error getting database connection", exceptSql); } finally { try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } }
/* goodG2B() - use goodsource and badsink */ private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable { String data = (new CWE89_SQL_Injection__getQueryString_Servlet_executeUpdate_61b()) .goodG2BSource(request, response); Connection dbConnection = null; Statement sqlStatement = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); /* POTENTIAL FLAW: data concatenated into SQL statement used in executeUpdate(), which could result in SQL Injection */ int rowCount = sqlStatement.executeUpdate( "insert into users (status) values ('updated') where name='" + data + "'"); IO.writeLine("Updated " + rowCount + " rows successfully."); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } }
/* goodG2B() - use goodsource and badsink */ public void goodG2B_sink(Object data_obj) throws Throwable { String data = (String) data_obj; Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; Statement sqlstatement = null; try { conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.createStatement(); /* POTENTIAL FLAW: place user input into dynamic sql query */ int iResult = sqlstatement.executeUpdate( "insert into users (status) values ('updated') where name='" + data + "'"); IO.writeString("Updated " + iResult + " rows successfully."); } catch (SQLException se) { log2.warning("Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } }
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */ private void goodB2G2() throws Throwable { String data; if (IO.static_returns_t()) { Logger log_bad = Logger.getLogger("local-logger"); data = ""; /* init data */ /* Read data using a listening tcp connection */ ServerSocket listener = null; Socket sock = null; BufferedReader buffread = null; InputStreamReader instrread = null; try { /* read input from socket */ listener = new ServerSocket(39543); sock = listener.accept(); instrread = new InputStreamReader(sock.getInputStream()); buffread = new BufferedReader(instrread); data = buffread.readLine(); } catch (IOException ioe) { log_bad.warning("Error with stream reading"); } finally { /* clean up stream reading objects */ try { if (buffread != null) { buffread.close(); } } catch (IOException ioe) { log_bad.warning("Error closing buffread"); } finally { try { if (instrread != null) { instrread.close(); } } catch (IOException ioe) { log_bad.warning("Error closing instrread"); } } /* clean up socket objects */ try { if (sock != null) { sock.close(); } } catch (IOException e) { log_bad.warning("Error closing sock"); } finally { try { if (listener != null) { listener.close(); } } catch (IOException e) { log_bad.warning("Error closing listener"); } } } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger"); /* FIX: Use a hardcoded string */ data = "foo"; } if (IO.static_returns_t()) { Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; PreparedStatement sqlstatement = null; try { /* FIX: use prepared sqlstatements */ conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.prepareStatement( "insert into users (status) values ('updated') where name=?"); sqlstatement.setString(1, data); Boolean bResult = sqlstatement.execute(); if (bResult) { IO.writeString("Name, " + data + ", updated successfully"); } else { IO.writeString("Unable to update records for user: "******"Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; Statement sqlstatement = null; try { conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.createStatement(); /* POTENTIAL FLAW: value of "name" taken directly from an untrusted source and inserted into a command string executed against a SQL interpreter */ Boolean bResult = sqlstatement.execute( "insert into users (status) values ('updated') where name='" + data + "'"); if (bResult) { IO.writeString("Name, " + data + ", updated successfully"); } else { IO.writeString("Unable to update records for user: "******"Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } }
public void bad() throws Throwable { String data; if (IO.static_returns_t_or_f()) { Logger log_bad = Logger.getLogger("local-logger"); data = ""; /* init data */ /* Read data using a listening tcp connection */ ServerSocket listener = null; Socket sock = null; BufferedReader buffread = null; InputStreamReader instrread = null; try { /* read input from socket */ listener = new ServerSocket(39543); sock = listener.accept(); instrread = new InputStreamReader(sock.getInputStream()); buffread = new BufferedReader(instrread); data = buffread.readLine(); } catch (IOException ioe) { log_bad.warning("Error with stream reading"); } finally { /* clean up stream reading objects */ try { if (buffread != null) { buffread.close(); } } catch (IOException ioe) { log_bad.warning("Error closing buffread"); } finally { try { if (instrread != null) { instrread.close(); } } catch (IOException ioe) { log_bad.warning("Error closing instrread"); } } /* clean up socket objects */ try { if (sock != null) { sock.close(); } } catch (IOException e) { log_bad.warning("Error closing sock"); } finally { try { if (listener != null) { listener.close(); } } catch (IOException e) { log_bad.warning("Error closing listener"); } } } } else { java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger"); /* FIX: Use a hardcoded string */ data = "foo"; } if (IO.static_returns_t_or_f()) { String names[] = data.split("-"); int iSuccess = 0; Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; Statement sqlstatement = null; try { conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.createStatement(); for (int i = 0; i < names.length; ++i) { /* POTENTIAL FLAW: take user input and place into dynamic sql query */ sqlstatement.addBatch( "update users set hitcount=hitcount+1 where name='" + names[i] + "'"); } int dbResults[] = sqlstatement.executeBatch(); for (int i = 0; i < names.length; ++i) { if (dbResults[i] > 0) { iSuccess++; } } IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries."); } catch (SQLException se) { log2.warning("Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } else { String names[] = data.split("-"); int iSuccess = 0; Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; PreparedStatement sqlstatement = null; try { /* FIX: use prepared sqlstatement */ conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.prepareStatement("update users set hitcount=hitcount+1 where name=?"); for (int i = 0; i < names.length; ++i) { sqlstatement.setString(1, names[i]); sqlstatement.addBatch(); } int dbResults[] = sqlstatement.executeBatch(); for (int i = 0; i < names.length; ++i) { if (dbResults[i] > 0) { iSuccess++; } } IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries."); } catch (SQLException se) { log2.warning("Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } }
/* goodG2B() - use goodsource and badsink by changing the first "if" so that both branches use the GoodSource */ private void goodG2B() throws Throwable { String data; if (IO.static_returns_t_or_f()) { java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger"); /* FIX: Use a hardcoded string */ data = "foo"; } else { java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger"); /* FIX: Use a hardcoded string */ data = "foo"; } if (IO.static_returns_t_or_f()) { String names[] = data.split("-"); int iSuccess = 0; Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; Statement sqlstatement = null; try { conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.createStatement(); for (int i = 0; i < names.length; ++i) { /* POTENTIAL FLAW: take user input and place into dynamic sql query */ sqlstatement.addBatch( "update users set hitcount=hitcount+1 where name='" + names[i] + "'"); } int dbResults[] = sqlstatement.executeBatch(); for (int i = 0; i < names.length; ++i) { if (dbResults[i] > 0) { iSuccess++; } } IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries."); } catch (SQLException se) { log2.warning("Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } else { String names[] = data.split("-"); int iSuccess = 0; Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; Statement sqlstatement = null; try { conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.createStatement(); for (int i = 0; i < names.length; ++i) { /* POTENTIAL FLAW: take user input and place into dynamic sql query */ sqlstatement.addBatch( "update users set hitcount=hitcount+1 where name='" + names[i] + "'"); } int dbResults[] = sqlstatement.executeBatch(); for (int i = 0; i < names.length; ++i) { if (dbResults[i] > 0) { iSuccess++; } } IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries."); } catch (SQLException se) { log2.warning("Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } }
public void bad() throws Throwable { String data; if (IO.STATIC_FINAL_FIVE == 5) { data = ""; /* Initialize data */ { InputStreamReader readerInputStream = null; BufferedReader readerBuffered = null; /* read user input from console with readLine */ try { readerInputStream = new InputStreamReader(System.in, "UTF-8"); readerBuffered = new BufferedReader(readerInputStream); /* POTENTIAL FLAW: Read data from the console using readLine */ data = readerBuffered.readLine(); } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO); } finally { try { if (readerBuffered != null) { readerBuffered.close(); } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO); } try { if (readerInputStream != null) { readerInputStream.close(); } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO); } } } /* NOTE: Tools may report a flaw here because buffread and isr are not closed. Unfortunately, closing those will close System.in, which will cause any future attempts to read from the console to fail and throw an exception */ } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } if (IO.STATIC_FINAL_FIVE == 5) { Connection dbConnection = null; Statement sqlStatement = null; ResultSet resultSet = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); /* POTENTIAL FLAW: data concatenated into SQL statement used in executeQuery(), which could result in SQL Injection */ resultSet = sqlStatement.executeQuery("select * from users where name='" + data + "'"); IO.writeLine(resultSet.getRow()); /* Use ResultSet in some way */ } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (resultSet != null) { resultSet.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql); } try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } }
/* goodB2G1() - use badsource and goodsink by changing second IO.static_final_t to IO.static_final_f */ private void goodB2G1() throws Throwable { String data; /* INCIDENTAL: CWE 571 Statement is Always True */ if (IO.static_final_t) { Logger log_bad = Logger.getLogger("local-logger"); data = ""; /* init data */ URLConnection conn = (new URL("http://www.example.org/")).openConnection(); BufferedReader buffread = null; InputStreamReader instrread = null; try { /* read input from URLConnection */ instrread = new InputStreamReader(conn.getInputStream()); buffread = new BufferedReader(instrread); data = buffread.readLine(); // This will be reading the first "line" of the response body, // which could be very long if there are no newlines in the HTML } catch (IOException ioe) { log_bad.warning("Error with stream reading"); } finally { /* clean up stream reading objects */ try { if (buffread != null) { buffread.close(); } } catch (IOException ioe) { log_bad.warning("Error closing buffread"); } finally { try { if (instrread != null) { instrread.close(); } } catch (IOException ioe) { log_bad.warning("Error closing instrread"); } } } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger"); /* FIX: Use a hardcoded string */ data = "foo"; } /* INCIDENTAL: CWE 570 Statement is Always False */ if (IO.static_final_f) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; Statement sqlstatement = null; try { conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.createStatement(); /* POTENTIAL FLAW: value of "name" taken directly from an untrusted source and inserted into a command string executed against a SQL interpreter */ Boolean bResult = sqlstatement.execute( "insert into users (status) values ('updated') where name='" + data + "'"); if (bResult) { IO.writeString("Name, " + data + ", updated successfully"); } else { IO.writeString("Unable to update records for user: "******"Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } else { Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; PreparedStatement sqlstatement = null; try { /* FIX: use prepared sqlstatements */ conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.prepareStatement( "insert into users (status) values ('updated') where name=?"); sqlstatement.setString(1, data); Boolean bResult = sqlstatement.execute(); if (bResult) { IO.writeString("Name, " + data + ", updated successfully"); } else { IO.writeString("Unable to update records for user: "******"Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } }
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */ private void goodB2G2() throws Throwable { String data; if (IO.static_returns_t()) { Logger log_bad = Logger.getLogger("local-logger"); data = ""; /* init data */ URLConnection conn = (new URL("http://www.example.org/")).openConnection(); BufferedReader buffread = null; InputStreamReader instrread = null; try { /* read input from URLConnection */ instrread = new InputStreamReader(conn.getInputStream()); buffread = new BufferedReader(instrread); data = buffread.readLine(); // This will be reading the first "line" of the response body, // which could be very long if there are no newlines in the HTML } catch (IOException ioe) { log_bad.warning("Error with stream reading"); } finally { /* clean up stream reading objects */ try { if (buffread != null) { buffread.close(); } } catch (IOException ioe) { log_bad.warning("Error closing buffread"); } finally { try { if (instrread != null) { instrread.close(); } } catch (IOException ioe) { log_bad.warning("Error closing instrread"); } } } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger"); /* FIX: Use a hardcoded string */ data = "foo"; } if (IO.static_returns_t()) { String names[] = data.split("-"); int iSuccess = 0; Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; PreparedStatement sqlstatement = null; try { /* FIX: use prepared sqlstatement */ conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.prepareStatement("update users set hitcount=hitcount+1 where name=?"); for (int i = 0; i < names.length; ++i) { sqlstatement.setString(1, names[i]); sqlstatement.addBatch(); } int dbResults[] = sqlstatement.executeBatch(); for (int i = 0; i < names.length; ++i) { if (dbResults[i] > 0) { iSuccess++; } } IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries."); } catch (SQLException se) { log2.warning("Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ String names[] = data.split("-"); int iSuccess = 0; Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; Statement sqlstatement = null; try { conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.createStatement(); for (int i = 0; i < names.length; ++i) { /* POTENTIAL FLAW: take user input and place into dynamic sql query */ sqlstatement.addBatch( "update users set hitcount=hitcount+1 where name='" + names[i] + "'"); } int dbResults[] = sqlstatement.executeBatch(); for (int i = 0; i < names.length; ++i) { if (dbResults[i] > 0) { iSuccess++; } } IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries."); } catch (SQLException se) { log2.warning("Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } }
public void bad() throws Throwable { String dataCopy; { String data; data = ""; /* Initialize data */ /* retrieve the property */ { Properties properties = new Properties(); FileInputStream streamFileInput = null; try { streamFileInput = new FileInputStream("../common/config.properties"); properties.load(streamFileInput); /* POTENTIAL FLAW: Read data from a .properties file */ data = properties.getProperty("data"); } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO); } finally { /* Close stream reading object */ try { if (streamFileInput != null) { streamFileInput.close(); } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error closing FileInputStream", exceptIO); } } } dataCopy = data; } { String data = dataCopy; if (data != null) { String names[] = data.split("-"); int successCount = 0; Connection dbConnection = null; Statement sqlStatement = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); for (int i = 0; i < names.length; i++) { /* POTENTIAL FLAW: data concatenated into SQL statement used in executeBatch(), which could result in SQL Injection */ sqlStatement.addBatch( "update users set hitcount=hitcount+1 where name='" + names[i] + "'"); } int resultsArray[] = sqlStatement.executeBatch(); for (int i = 0; i < names.length; i++) { if (resultsArray[i] > 0) { successCount++; } } IO.writeLine("Succeeded in " + successCount + " out of " + names.length + " queries."); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statament", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } } }
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable { String data; if (IO.static_returns_t_or_f()) { Logger log_bad = Logger.getLogger("local-logger"); data = ""; /* parse the query string for value of 'id' */ String id_str = null; StringTokenizer st = new StringTokenizer(request.getQueryString(), "&"); while (st.hasMoreTokens()) { String token = st.nextToken(); int i = token.indexOf("="); if ((i > 0) && (i < (token.length() - 1)) && (token.substring(0, i).equals("id"))) { id_str = token.substring(i + 1); break; } } if (id_str != null) { Connection conn = null; PreparedStatement statement = null; ResultSet rs = null; try { int id = Integer.parseInt(id_str); conn = IO.getDBConnection(); statement = conn.prepareStatement("select * from pages where id=?"); /* FLAW: no check to see whether the user has privileges to view the data */ statement.setInt(1, id); rs = statement.executeQuery(); data = rs.toString(); } catch (SQLException se) { log_bad.warning("Error"); } finally { /* clean up database objects */ try { if (rs != null) { rs.close(); } } catch (SQLException se) { log_bad.warning("Error closing rs"); } finally { try { if (statement != null) { statement.close(); } } catch (SQLException se) { log_bad.warning("Error closing statement"); } finally { try { if (conn != null) { conn.close(); } } catch (SQLException se) { log_bad.warning("Error closing conn"); } } } } } } else { java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger"); /* FIX: Use a hardcoded string */ data = "foo"; } if (IO.static_returns_t_or_f()) { String names[] = data.split("-"); int iSuccess = 0; Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; Statement sqlstatement = null; try { conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.createStatement(); for (int i = 0; i < names.length; ++i) { /* POTENTIAL FLAW: take user input and place into dynamic sql query */ sqlstatement.addBatch( "update users set hitcount=hitcount+1 where name='" + names[i] + "'"); } int dbResults[] = sqlstatement.executeBatch(); for (int i = 0; i < names.length; ++i) { if (dbResults[i] > 0) { iSuccess++; } } IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries."); } catch (SQLException se) { log2.warning("Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } else { String names[] = data.split("-"); int iSuccess = 0; Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; PreparedStatement sqlstatement = null; try { /* FIX: use prepared sqlstatement */ conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.prepareStatement("update users set hitcount=hitcount+1 where name=?"); for (int i = 0; i < names.length; ++i) { sqlstatement.setString(1, names[i]); sqlstatement.addBatch(); } int dbResults[] = sqlstatement.executeBatch(); for (int i = 0; i < names.length; ++i) { if (dbResults[i] > 0) { iSuccess++; } } IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries."); } catch (SQLException se) { log2.warning("Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } }
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */ private void goodB2G2() throws Throwable { String data; /* INCIDENTAL: CWE 571 Statement is Always True */ if (IO.static_t) { Logger log_bad = Logger.getLogger("local-logger"); data = ""; /* init data */ File f = new File("C:\\data.txt"); BufferedReader buffread = null; FileReader fread = null; try { /* read string from file into data */ fread = new FileReader(f); buffread = new BufferedReader(fread); data = buffread.readLine(); // This will be reading the first "line" of the file, which // could be very long if there are little or no newlines in the file\ } catch (IOException ioe) { log_bad.warning("Error with stream reading"); } catch (NumberFormatException nfe) { log_bad.warning("Error with number parsing"); } finally { /* clean up stream reading objects */ try { if (buffread != null) { buffread.close(); } } catch (IOException ioe) { log_bad.warning("Error closing buffread"); } finally { try { if (fread != null) { fread.close(); } } catch (IOException ioe) { log_bad.warning("Error closing fread"); } } } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger"); /* FIX: Use a hardcoded string */ data = "foo"; } /* INCIDENTAL: CWE 571 Statement is Always True */ if (IO.static_t) { Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; PreparedStatement sqlstatement = null; try { /* FIX: use prepared sqlstatements */ conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.prepareStatement( "insert into users (status) values ('updated') where name=?"); sqlstatement.setString(1, data); Boolean bResult = sqlstatement.execute(); if (bResult) { IO.writeString("Name, " + data + ", updated successfully"); } else { IO.writeString("Unable to update records for user: "******"Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; Statement sqlstatement = null; try { conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.createStatement(); /* POTENTIAL FLAW: value of "name" taken directly from an untrusted source and inserted into a command string executed against a SQL interpreter */ Boolean bResult = sqlstatement.execute( "insert into users (status) values ('updated') where name='" + data + "'"); if (bResult) { IO.writeString("Name, " + data + ", updated successfully"); } else { IO.writeString("Unable to update records for user: "******"Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } }
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */ private void goodB2G2() throws Throwable { String data; /* INCIDENTAL: CWE 571 Statement is Always True */ if (private_five == 5) { Logger log_bad = Logger.getLogger("local-logger"); data = ""; /* init data */ Socket sock = null; BufferedReader buffread = null; InputStreamReader instrread = null; try { /* Read data using an outbound tcp connection */ sock = new Socket("host.example.org", 39544); /* read input from socket */ instrread = new InputStreamReader(sock.getInputStream()); buffread = new BufferedReader(instrread); data = buffread.readLine(); } catch (IOException ioe) { log_bad.warning("Error with stream reading"); } finally { /* clean up stream reading objects */ try { if (buffread != null) { buffread.close(); } } catch (IOException ioe) { log_bad.warning("Error closing buffread"); } finally { try { if (instrread != null) { instrread.close(); } } catch (IOException ioe) { log_bad.warning("Error closing instrread"); } } /* clean up socket objects */ try { if (sock != null) { sock.close(); } } catch (IOException e) { log_bad.warning("Error closing sock"); } } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger"); /* FIX: Use a hardcoded string */ data = "foo"; } /* INCIDENTAL: CWE 571 Statement is Always True */ if (private_five == 5) { String names[] = data.split("-"); int iSuccess = 0; Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; PreparedStatement sqlstatement = null; try { /* FIX: use prepared sqlstatement */ conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.prepareStatement("update users set hitcount=hitcount+1 where name=?"); for (int i = 0; i < names.length; ++i) { sqlstatement.setString(1, names[i]); sqlstatement.addBatch(); } int dbResults[] = sqlstatement.executeBatch(); for (int i = 0; i < names.length; ++i) { if (dbResults[i] > 0) { iSuccess++; } } IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries."); } catch (SQLException se) { log2.warning("Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ String names[] = data.split("-"); int iSuccess = 0; Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; Statement sqlstatement = null; try { conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.createStatement(); for (int i = 0; i < names.length; ++i) { /* POTENTIAL FLAW: take user input and place into dynamic sql query */ sqlstatement.addBatch( "update users set hitcount=hitcount+1 where name='" + names[i] + "'"); } int dbResults[] = sqlstatement.executeBatch(); for (int i = 0; i < names.length; ++i) { if (dbResults[i] > 0) { iSuccess++; } } IO.writeString("Succeeded in " + iSuccess + " out of " + names.length + " queries."); } catch (SQLException se) { log2.warning("Error getting database connection"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } }
public void bad() throws Throwable { String data_copy; { String data; Logger log_bad = Logger.getLogger("local-logger"); data = ""; /* init data */ /* read user input from console with readLine*/ BufferedReader buffread = null; InputStreamReader instrread = null; try { instrread = new InputStreamReader(System.in); buffread = new BufferedReader(instrread); data = buffread.readLine(); } catch (IOException ioe) { log_bad.warning("Error with stream reading"); } finally { /* clean up stream reading objects */ try { if (buffread != null) { buffread.close(); } } catch (IOException ioe) { log_bad.warning("Error closing buffread"); } finally { try { if (instrread != null) { instrread.close(); } } catch (IOException ioe) { log_bad.warning("Error closing instrread"); } } } data_copy = data; } { String data = data_copy; Logger log2 = Logger.getLogger("local-logger"); Connection conn_tmp2 = null; Statement sqlstatement = null; ResultSet sqlrs = null; try { conn_tmp2 = IO.getDBConnection(); sqlstatement = conn_tmp2.createStatement(); /* POTENTIAL FLAW: take user input and place into dynamic sql query */ sqlrs = sqlstatement.executeQuery("select * from users where name='" + data + "'"); IO.writeString(sqlrs.toString()); } catch (SQLException se) { log2.warning("Error getting database connection"); } finally { try { if (sqlrs != null) { sqlrs.close(); } } catch (SQLException e) { log2.warning("Error closing sqlrs"); } finally { try { if (sqlstatement != null) { sqlstatement.close(); } } catch (SQLException e) { log2.warning("Error closing sqlstatement"); } finally { try { if (conn_tmp2 != null) { conn_tmp2.close(); } } catch (SQLException e) { log2.warning("Error closing conn_tmp2"); } } } } } }
public void bad() throws Throwable { String data; if (IO.staticReturnsTrue()) { data = ""; /* Initialize data */ { InputStreamReader readerInputStream = null; BufferedReader readerBuffered = null; /* read user input from console with readLine */ try { readerInputStream = new InputStreamReader(System.in, "UTF-8"); readerBuffered = new BufferedReader(readerInputStream); /* POTENTIAL FLAW: Read data from the console using readLine */ data = readerBuffered.readLine(); } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO); } finally { try { if (readerBuffered != null) { readerBuffered.close(); } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO); } try { if (readerInputStream != null) { readerInputStream.close(); } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO); } } } /* NOTE: Tools may report a flaw here because buffread and isr are not closed. Unfortunately, closing those will close System.in, which will cause any future attempts to read from the console to fail and throw an exception */ } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } if (IO.staticReturnsTrue()) { Connection dbConnection = null; Statement sqlStatement = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); /* POTENTIAL FLAW: data concatenated into SQL statement used in execute(), which could result in SQL Injection */ Boolean result = sqlStatement.execute( "insert into users (status) values ('updated') where name='" + data + "'"); if (result) { IO.writeLine("Name, " + data + ", updated successfully"); } else { IO.writeLine("Unable to update records for user: "******"Error getting database connection", exceptSql); } finally { try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } }
public void bad() throws Throwable { String data; if (IO.staticReturnsTrueOrFalse()) { /* get system property user.home */ /* POTENTIAL FLAW: Read data from a system property */ data = System.getProperty("user.home"); } else { /* FIX: Use a hardcoded string */ data = "foo"; } if (IO.staticReturnsTrueOrFalse()) { if (data != null) { String names[] = data.split("-"); int successCount = 0; Connection dbConnection = null; Statement sqlStatement = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); for (int i = 0; i < names.length; i++) { /* POTENTIAL FLAW: data concatenated into SQL statement used in executeBatch(), which could result in SQL Injection */ sqlStatement.addBatch( "update users set hitcount=hitcount+1 where name='" + names[i] + "'"); } int resultsArray[] = sqlStatement.executeBatch(); for (int i = 0; i < names.length; i++) { if (resultsArray[i] > 0) { successCount++; } } IO.writeLine("Succeeded in " + successCount + " out of " + names.length + " queries."); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statament", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } } else { if (data != null) { String names[] = data.split("-"); int successCount = 0; Connection dbConnection = null; PreparedStatement sqlStatement = null; try { /* FIX: Use prepared statement and executeBatch (properly) */ dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.prepareStatement("update users set hitcount=hitcount+1 where name=?"); for (int i = 0; i < names.length; i++) { sqlStatement.setString(1, names[i]); sqlStatement.addBatch(); } int resultsArray[] = sqlStatement.executeBatch(); for (int i = 0; i < names.length; i++) { if (resultsArray[i] > 0) { successCount++; } } IO.writeLine("Succeeded in " + successCount + " out of " + names.length + " queries."); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } } }