/* uses badsource and badsink */
public void bad() throws Throwable {
String data;
if (privateTrue) {
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
data = System.getProperty("user.home");
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
}
String osCommand;
if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
/* running on Windows */
osCommand = "c:\\WINDOWS\\SYSTEM32\\cmd.exe /c dir ";
} else {
/* running on non-Windows */
osCommand = "/bin/ls ";
}
/* POTENTIAL FLAW: command injection */
Process process = Runtime.getRuntime().exec(osCommand + data);
process.waitFor();
}
/* goodB2G() - use badsource and goodsink by changing the second "if" so that
* both branches use the GoodSink */
private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
if (IO.staticReturnsTrueOrFalse()) {
/* get environment variable ADD */
/* POTENTIAL FLAW: Read data from an environment variable */
data = System.getenv("ADD");
} else {
/* get environment variable ADD */
/* POTENTIAL FLAW: Read data from an environment variable */
data = System.getenv("ADD");
}
if (IO.staticReturnsTrueOrFalse()) {
if (data != null) {
/* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
data = URLEncoder.encode(data, "UTF-8");
response.setHeader("Location", "/author.jsp?lang=" + data);
}
} else {
if (data != null) {
/* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
data = URLEncoder.encode(data, "UTF-8");
response.setHeader("Location", "/author.jsp?lang=" + data);
}
}
}
/* uses badsource and badsink */
public void bad() throws Throwable {
String data;
/* get environment variable ADD */
/* POTENTIAL FLAW: Read data from an environment variable */
data = System.getenv("ADD");
String root;
if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
/* running on Windows */
root = "C:\\uploads\\";
} else {
/* running on non-Windows */
root = "/home/user/uploads/";
}
if (data != null) {
/* POTENTIAL FLAW: no validation of concatenated value */
File file = new File(root + data);
FileInputStream streamFileInputSink = null;
InputStreamReader readerInputStreamSink = null;
BufferedReader readerBufferdSink = null;
if (file.exists() && file.isFile()) {
try {
streamFileInputSink = new FileInputStream(file);
readerInputStreamSink = new InputStreamReader(streamFileInputSink, "UTF-8");
readerBufferdSink = new BufferedReader(readerInputStreamSink);
IO.writeLine(readerBufferdSink.readLine());
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO);
} finally {
/* Close stream reading objects */
try {
if (readerBufferdSink != null) {
readerBufferdSink.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO);
}
try {
if (readerInputStreamSink != null) {
readerInputStreamSink.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO);
}
try {
if (streamFileInputSink != null) {
streamFileInputSink.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing FileInputStream", exceptIO);
}
}
}
}
}
/* goodB2G1() - use badsource and goodsink by changing second privateReturnsTrue() to privateReturnsFalse() */
private void goodB2G1() throws Throwable {
String data;
if (privateReturnsTrue()) {
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
data = System.getProperty("user.home");
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
}
if (privateReturnsFalse()) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
IO.writeLine("Benign, fixed string");
} else {
String xmlFile = null;
if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
/* running on Windows */
xmlFile = "\\src\\testcases\\CWE643_Xpath Injection\\CWE643_Xpath_Injection__Helper.xml";
} else {
/* running on non-Windows */
xmlFile = "./src/testcases/CWE643_Xpath Injection/CWE643_Xpath_Injection__Helper.xml";
}
if (data != null) {
/* assume username||password as source */
String[] tokens = data.split("||");
if (tokens.length < 2) {
return;
}
/* FIX: validate input using StringEscapeUtils */
String username = StringEscapeUtils.escapeXml(tokens[0]);
String password = StringEscapeUtils.escapeXml(tokens[1]);
/* build xpath */
XPath xPath = XPathFactory.newInstance().newXPath();
InputSource inputXml = new InputSource(xmlFile);
String query =
"//users/user[name/text()='"
+ username
+ "' and pass/text()='"
+ password
+ "']"
+ "/secret/text()";
String secret = (String) xPath.evaluate(query, inputXml, XPathConstants.STRING);
}
}
}
/* goodG2B2() - use goodsource and badsink by reversing statements in if */
private void goodG2B2() throws Throwable {
String data;
if (IO.static_returns_t()) {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log_bad = Logger.getLogger("local-logger");
data = ""; /* init data */
File f = new File("C:\\data.txt");
BufferedReader buffread = null;
FileReader fread = null;
try {
/* read string from file into data */
fread = new FileReader(f);
buffread = new BufferedReader(fread);
data = buffread.readLine(); // This will be reading the first "line" of the file, which
// could be very long if there are little or no newlines in the file\
} catch (IOException ioe) {
log_bad.warning("Error with stream reading");
} catch (NumberFormatException nfe) {
log_bad.warning("Error with number parsing");
} finally {
/* clean up stream reading objects */
try {
if (buffread != null) {
buffread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing buffread");
} finally {
try {
if (fread != null) {
fread.close();
}
} catch (IOException ioe) {
log_bad.warning("Error closing fread");
}
}
}
}
String osCommand;
if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
/* running on Windows */
osCommand = "c:\\WINDOWS\\SYSTEM32\\cmd.exe /c dir ";
} else {
/* running on non-Windows */
osCommand = "/bin/ls ";
}
/* POTENTIAL FLAW: command injection */
Process p = Runtime.getRuntime().exec(osCommand + data);
p.waitFor();
}
public void bad() throws Throwable {
String data;
switch (6) {
case 6:
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
data = System.getProperty("user.home");
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
break;
}
switch (7) {
case 7:
if (data != null) {
/* POTENTIAL FLAW: uncontrolled string formatting */
System.out.printf(data);
}
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
IO.writeLine("Benign, fixed string");
break;
}
}
/* goodB2G() - use badsource and goodsink */
private void goodB2G() throws Throwable {
int data;
while (true) {
data = Integer.MIN_VALUE; /* Initialize data */
/* get environment variable ADD */
/* POTENTIAL FLAW: Read data from an environment variable */
{
String stringNumber = System.getenv("ADD");
if (stringNumber != null) // avoid NPD incidental warnings
{
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
}
break;
}
while (true) {
/* FIX: Add a check to prevent an overflow from occurring */
if (data < Integer.MAX_VALUE) {
int result = (int) (data + 1);
IO.writeLine("result: " + result);
} else {
IO.writeLine("data value is too large to perform addition.");
}
break;
}
}
private int bad_source() throws Throwable {
int data;
if (badPrivate) {
data = Integer.MIN_VALUE; /* Initialize data */
/* get environment variable ADD */
/* POTENTIAL FLAW: Read data from an environment variable */
{
String stringNumber = System.getenv("ADD");
if (stringNumber != null) // avoid NPD incidental warnings
{
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = 0;
}
return data;
}
public void bad() throws Throwable {
int data;
if (IO.STATIC_FINAL_TRUE) {
data = Integer.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = 0;
}
if (IO.STATIC_FINAL_TRUE) {
/* Need to ensure that the array is of size > 3 and < 101 due to the GoodSource and the large_fixed BadSource */
int array[] = {0, 1, 2, 3, 4};
/* POTENTIAL FLAW: Verify that data < array.length, but don't verify that data > 0, so may be attempting to read out of the array bounds */
if (data < array.length) {
IO.writeLine(array[data]);
} else {
IO.writeLine("Array index out of bounds");
}
}
}
/* goodG2B() - use goodsource and badsink by changing the conditions on the first and second while statements */
private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
boolean local_f = false;
while (true) {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
break;
}
while (local_f) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log_bad = Logger.getLogger("local-logger");
/* get environment variable ADD */
data = System.getenv("ADD");
break;
}
while (true) {
Cookie cookieSink = new Cookie("lang", data);
/* POTENTIAL FLAW: Input not verified before inclusion in the cookie */
response.addCookie(cookieSink);
break;
}
while (local_f) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Cookie cookieSink = new Cookie("lang", URLEncoder.encode(data, "UTF-16"));
/* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
response.addCookie(cookieSink);
break;
}
}
/* goodB2G2() - use badsource and goodsink by reversing the blocks in the second switch */
private void goodB2G2() throws Throwable {
String data;
switch (6) {
case 6:
/* POTENTIAL FLAW: data may be set to null */
data = System.getProperty("CWE690");
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
break;
}
switch (7) {
case 7:
/* FIX: call equals() on string literal (that is not null) */
if ("CWE690".equals(data)) {
IO.writeLine("data is CWE690");
}
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
IO.writeLine("Benign, fixed string");
break;
}
}
public void bad() throws Throwable {
int data;
if (IO.staticReturnsTrue()) {
data = Integer.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = 0;
}
if (IO.staticReturnsTrue()) {
/* POTENTIAL FLAW: if data == Integer.MIN_VALUE, this will overflow */
int result = (int) (data - 1);
IO.writeLine("result: " + result);
}
}
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */
private void goodB2G2() throws Throwable {
int data;
if (IO.staticReturnsTrue()) {
data = Integer.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = 0;
}
if (IO.staticReturnsTrue()) {
/* FIX: Add a check to prevent an overflow from occurring */
if (data > Integer.MIN_VALUE) {
int result = (int) (data - 1);
IO.writeLine("result: " + result);
} else {
IO.writeLine("data value is too small to perform subtraction.");
}
}
}
/* uses badsource and badsink */
public void bad() throws Throwable {
short data;
data = Short.MIN_VALUE; /* Initialize data */
/* get environment variable ADD */
/* FLAW: Read data from an environment variable */
{
String stringNumber = System.getenv("ADD");
if (stringNumber != null) // avoid NPD incidental warnings
{
try {
data = Short.parseShort(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
}
for (int i = 0; i < 1; i++) {
{
/* POTENTIAL FLAW: Convert data to a byte, possibly causing a truncation error */
IO.writeLine((byte) data);
}
}
}
/* goodB2G() - use badsource and goodsink */
private void goodB2G() throws Throwable {
int data;
data = Integer.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING, "Number format exception parsing data from string", exceptNumberFormat);
}
}
/* Need to ensure that the array is of size > 3 and < 101 due to the GoodSource and the large_fixed BadSource */
int array[] = {0, 1, 2, 3, 4};
/* FIX: Verify index before writing to array at location data */
if (data >= 0 && data < array.length) {
array[data] = 42;
} else {
IO.writeLine("Array index out of bounds");
}
}
public void bad() throws Throwable {
int data;
data = Integer.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING, "Number format exception parsing data from string", exceptNumberFormat);
}
}
/* Need to ensure that the array is of size > 3 and < 101 due to the GoodSource and the large_fixed BadSource */
int array[] = {0, 1, 2, 3, 4};
/* POTENTIAL FLAW: Attempt to write to array at location data, which may be outside the array bounds */
array[data] = 42;
/* Skip reading back data from array since that may be another out of bounds operation */
}
public void bad() throws Throwable {
int data;
if (privateReturnsTrue()) {
data = Integer.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = 0;
}
if (privateReturnsTrue()) {
/* Need to ensure that the array is of size > 3 and < 101 due to the GoodSource and the large_fixed BadSource */
int array[] = {0, 1, 2, 3, 4};
/* POTENTIAL FLAW: Attempt to read from array at location data, which may be outside the array bounds */
IO.writeLine(array[data]);
}
}
/* goodB2G1() - use badsource and goodsink by changing second IO.STATIC_FINAL_FIVE==5 to IO.STATIC_FINAL_FIVE!=5 */
private void goodB2G1() throws Throwable {
String data;
if (IO.STATIC_FINAL_FIVE == 5) {
/* get environment variable ADD */
/* POTENTIAL FLAW: Read data from an environment variable */
data = System.getenv("ADD");
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
}
if (IO.STATIC_FINAL_FIVE != 5) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
IO.writeLine("Benign, fixed string");
} else {
if (data != null) {
String names[] = data.split("-");
int successCount = 0;
Connection dbConnection = null;
PreparedStatement sqlStatement = null;
try {
/* FIX: Use prepared statement and executeBatch (properly) */
dbConnection = IO.getDBConnection();
sqlStatement =
dbConnection.prepareStatement("update users set hitcount=hitcount+1 where name=?");
for (int i = 0; i < names.length; i++) {
sqlStatement.setString(1, names[i]);
sqlStatement.addBatch();
}
int resultsArray[] = sqlStatement.executeBatch();
for (int i = 0; i < names.length; i++) {
if (resultsArray[i] > 0) {
successCount++;
}
}
IO.writeLine("Succeeded in " + successCount + " out of " + names.length + " queries.");
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
} finally {
try {
if (sqlStatement != null) {
sqlStatement.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql);
}
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
}
}
public void bad() throws Throwable {
int count;
if (privateFive == 5) {
count = Integer.MIN_VALUE; /* Initialize count */
/* get environment variable ADD */
/* POTENTIAL FLAW: Read count from an environment variable */
{
String stringNumber = System.getenv("ADD");
if (stringNumber != null) // avoid NPD incidental warnings
{
try {
count = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing count from string",
exceptNumberFormat);
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure count is inititialized before the Sink to avoid compiler errors */
count = 0;
}
if (privateFive == 5) {
/* POTENTIAL FLAW: Use count as the input to Thread.sleep() */
Thread.sleep(count);
}
}
public void bad() throws Throwable {
String data;
switch (6) {
case 6:
/* POTENTIAL FLAW: data may be set to null */
data = System.getProperty("CWE690");
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
break;
}
switch (7) {
case 7:
/* POTENTIAL FLAW: data could be null */
if (data.equals("CWE690")) {
IO.writeLine("data is CWE690");
}
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
IO.writeLine("Benign, fixed string");
break;
}
}
/* uses badsource and badsink */
public void bad() throws Throwable {
int data;
if (privateReturnsTrue()) {
data = Integer.MIN_VALUE; /* Initialize data */
/* get environment variable ADD */
/* POTENTIAL FLAW: Read data from an environment variable */
{
String stringNumber = System.getenv("ADD");
if (stringNumber != null) // avoid NPD incidental warnings
{
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = 0;
}
{
/* POTENTIAL FLAW: Convert data to a short, possibly causing a truncation error */
IO.writeLine((short) data);
}
}
public void action(String data) throws Throwable {
String xmlFile = null;
if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
/* running on Windows */
xmlFile = "\\src\\testcases\\CWE643_Xpath Injection\\CWE643_Xpath_Injection__Helper.xml";
} else {
/* running on non-Windows */
xmlFile = "./src/testcases/CWE643_Xpath Injection/CWE643_Xpath_Injection__Helper.xml";
}
if (data != null) {
/* assume username||password as source */
String[] tokens = data.split("||");
if (tokens.length < 2) {
return;
}
String username = tokens[0];
String password = tokens[1];
/* build xpath */
XPath xPath = XPathFactory.newInstance().newXPath();
InputSource inputXml = new InputSource(xmlFile);
/* INCIDENTAL: CWE180 Incorrect Behavior Order: Validate Before Canonicalize
* The user input should be canonicalized before validation. */
/* POTENTIAL FLAW: user input is used without validate */
String query =
"//users/user[name/text()='"
+ username
+ "' and pass/text()='"
+ password
+ "']"
+ "/secret/text()";
String secret = (String) xPath.evaluate(query, inputXml, XPathConstants.STRING);
}
}
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */
private void goodB2G2() throws Throwable {
float data;
if (IO.staticReturnsTrue()) {
data = -1.0f; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
if (stringNumber != null) {
try {
data = Float.parseFloat(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = 0.0f;
}
if (IO.staticReturnsTrue()) {
/* FIX: Check for value of or near zero before modulo */
if (Math.abs(data) > 0.000001) {
int result = (int) (100.0 % data);
IO.writeLine(result);
} else {
IO.writeLine("This would result in a modulo by zero");
}
}
}
/* goodG2B1() - use goodsource and badsink by changing privateTrue to privateFalse */
private void goodG2B1() throws Throwable {
String data;
if (privateFalse) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = null;
} else {
/* FIX: Use a hardcoded string */
data = "foo";
}
String osCommand;
if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
/* running on Windows */
osCommand = "c:\\WINDOWS\\SYSTEM32\\cmd.exe /c dir ";
} else {
/* running on non-Windows */
osCommand = "/bin/ls ";
}
/* POTENTIAL FLAW: command injection */
Process process = Runtime.getRuntime().exec(osCommand + data);
process.waitFor();
}
public void bad() throws Throwable {
int data;
if (PRIVATE_STATIC_FINAL_FIVE == 5) {
data = Integer.MIN_VALUE; /* Initialize data */
/* get environment variable ADD */
/* POTENTIAL FLAW: Read data from an environment variable */
{
String stringNumber = System.getenv("ADD");
if (stringNumber != null) // avoid NPD incidental warnings
{
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = 0;
}
if (PRIVATE_STATIC_FINAL_FIVE == 5) {
if (data < 0) /* ensure we won't have an overflow */ {
/* POTENTIAL FLAW: if (data * 2) < Integer.MIN_VALUE, this will underflow */
int result = (int) (data * 2);
IO.writeLine("result: " + result);
}
}
}
/* uses badsource and badsink */
public void bad() throws Throwable {
short data;
if (privateTrue) {
data = Short.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Short.parseShort(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = 0;
}
{
/* POTENTIAL FLAW: Convert data to a byte, possibly causing a truncation error */
IO.writeLine((byte) data);
}
}
public void bad() throws Throwable {
float data;
if (IO.staticReturnsTrue()) {
data = -1.0f; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
if (stringNumber != null) {
try {
data = Float.parseFloat(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = 0.0f;
}
if (IO.staticReturnsTrue()) {
/* POTENTIAL FLAW: Possibly modulo by zero */
int result = (int) (100.0 % data);
IO.writeLine(result);
}
}
public void bad() throws Throwable {
int data;
while (true) {
data = Integer.MIN_VALUE; /* Initialize data */
/* get environment variable ADD */
/* POTENTIAL FLAW: Read data from an environment variable */
{
String stringNumber = System.getenv("ADD");
if (stringNumber != null) // avoid NPD incidental warnings
{
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
}
break;
}
while (true) {
/* POTENTIAL FLAW: if data == Integer.MAX_VALUE, this will overflow */
int result = (int) (data + 1);
IO.writeLine("result: " + result);
break;
}
}
/* uses badsource and badsink */
public void bad() throws Throwable {
String data;
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
data = System.getProperty("user.home");
Connection dbConnection = null;
try {
dbConnection = IO.getDBConnection();
/* POTENTIAL FLAW: Set the catalog name with the value of data
* allowing a nonexistent catalog name or unauthorized access to a portion of the DB */
dbConnection.setCatalog(data);
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
} finally {
try {
if (dbConnection != null) {
dbConnection.close();
}
} catch (SQLException exceptSql) {
IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
}
}
}
/* uses badsource and badsink */
public void bad() throws Throwable {
int dataCopy;
{
int data;
data = Integer.MIN_VALUE; /* Initialize data */
/* get system property user.home */
/* POTENTIAL FLAW: Read data from a system property */
{
String stringNumber = System.getProperty("user.home");
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception parsing data from string",
exceptNumberFormat);
}
}
dataCopy = data;
}
{
int data = dataCopy;
/* POTENTIAL FLAW: Create a HashMap using data as the initial size. data may be very large, creating memory issues */
HashMap intHashMap = new HashMap(data);
}
}