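/* goodG2B() - use goodsource and badsink by changing the "if" so that both branches use the GoodSource */
/*
 * Both arms of the "if" assign the hard-coded GoodSource value, so the path
 * handed to the sink never comes from outside the program. The sink itself is
 * kept as in the bad variant (it reads the first line of whatever file the
 * path names) so the same sink code is exercised.
 *
 * Fixed relative to the original: the BufferedReader over the target file was
 * never closed (descriptor leak), and the unused per-branch Logger locals are
 * gone.
 */
private void goodG2B() throws Throwable {
    String data;
    if (IO.static_returns_t_or_f()) {
        /* FIX: Use a hardcoded string */
        data = "foo";
    } else {
        /* FIX: Use a hardcoded string */
        data = "foo";
    }
    /* POTENTIAL FLAW: unvalidated or sandboxed value */
    File fIn = new File(data);
    if (fIn.exists() && fIn.isFile()) {
        /* FileReader decodes with the platform default charset, as the original did */
        BufferedReader fileReader = new BufferedReader(new FileReader(fIn));
        try {
            IO.writeLine(fileReader.readLine());
        } finally {
            /* the original never closed this reader */
            fileReader.close();
        }
    }
}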
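/* uses badsource and badsink - see how tools report flaws that don't always occur */
/*
 * BadSource: a name looked up in the users table by an id typed on stdin.
 * BadSink: that name is appended to a fixed upload root and the first line of
 * the resulting file is printed, without any validation of the combined path.
 * Which source runs depends on IO.static_returns_t_or_f().
 *
 * Fixed relative to the original: rs.getString(1) was called before
 * rs.next(), which fails on a freshly executed ResultSet (the cursor starts
 * before the first row); the reader over the target file was never closed;
 * the unused Logger in the else branch is gone. The deliberate flaw in the
 * sink is unchanged.
 */
public void bad() throws Throwable {
    String data;
    if (IO.static_returns_t_or_f()) {
        Logger log_bad = Logger.getLogger("local-logger");
        data = ""; /* init data */
        Connection conn = null;
        PreparedStatement statement = null;
        ResultSet rs = null;
        BufferedReader buffread = null;
        InputStreamReader instrread = null;
        try {
            /* setup the connection */
            conn = IO.getDBConnection();
            /* prepare the query */
            statement = conn.prepareStatement("select name from users where id=?");
            /* get user input for the userid */
            IO.writeLine("Enter a userid to login as (number): ");
            instrread = new InputStreamReader(System.in);
            buffread = new BufferedReader(instrread);
            /* parseInt throws NumberFormatException on a non-numeric or missing line; it propagates */
            int num = Integer.parseInt(buffread.readLine());
            statement.setInt(1, num);
            rs = statement.executeQuery();
            /* no row for this id leaves data as "" instead of failing inside getString */
            if (rs.next()) {
                /* a SQL NULL name yields data == null; the sink then reads "C:\uploads\null" */
                data = rs.getString(1);
            }
        } catch (IOException ioe) {
            /* SQLException is not caught here; it leaves the method after the finally block runs */
            log_bad.warning("Error with stream reading");
        } finally {
            /* clean up stream reading objects (this also closes System.in, as the original did) */
            try {
                if (buffread != null) {
                    buffread.close();
                }
            } catch (IOException ioe) {
                log_bad.warning("Error closing buffread");
            } finally {
                try {
                    if (instrread != null) {
                        instrread.close();
                    }
                } catch (IOException ioe) {
                    log_bad.warning("Error closing instrread");
                }
            }
            /* clean up database objects */
            try {
                if (rs != null) {
                    rs.close();
                }
            } catch (SQLException se) {
                log_bad.warning("Error closing rs");
            } finally {
                try {
                    if (statement != null) {
                        statement.close();
                    }
                } catch (SQLException se) {
                    log_bad.warning("Error closing statement");
                } finally {
                    try {
                        if (conn != null) {
                            conn.close();
                        }
                    } catch (SQLException se) {
                        log_bad.warning("Error closing conn");
                    }
                }
            }
        }
    } else {
        /* FIX: Use a hardcoded string */
        data = "foo";
    }
    String root = "C:\\uploads\\";
    /* POTENTIAL FLAW: no validation of concatenated value */
    File fIn = new File(root + data);
    if (fIn.exists() && fIn.isFile()) {
        /* FileReader decodes with the platform default charset, as the original did */
        BufferedReader fileReader = new BufferedReader(new FileReader(fIn));
        try {
            IO.writeLine(fileReader.readLine());
        } finally {
            /* the original never closed this reader */
            fileReader.close();
        }
    }
}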
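/*
 * Sends one short message to remote_host:1337, over a plain Socket in the
 * FLAW branch and over an SSLSocket in the FIX branch; which branch runs
 * depends on IO.static_returns_t_or_f(). Failures are reported through
 * IO.writeLine and the "local-logger" Logger, never thrown to the caller.
 *
 * Fixed relative to the original: the SSL branch now enables endpoint
 * identification, so the server certificate is checked against the host name
 * (an SSLSocket created from the default factory does not do this on its own,
 * leaving the session encrypted but not authenticated to "remote_host"); the
 * PrintWriter branch consults checkError(), because PrintWriter swallows
 * IOExceptions from the underlying stream; the redundant second close of the
 * SSL writer chain is gone. The deliberate plaintext FLAW is unchanged.
 */
public void bad() throws Throwable {
    if (IO.static_returns_t_or_f()) {
        java.util.logging.Logger log_bs = java.util.logging.Logger.getLogger("local-logger");
        Socket sock = null;
        PrintWriter out = null;
        try {
            sock = new Socket("remote_host", 1337);
            out = new PrintWriter(sock.getOutputStream(), true);
            /* FLAW: sending over an unencrypted (non-SSL) channel */
            out.println("plaintext send");
            /* PrintWriter never throws; checkError() is the only way to see a failed write */
            if (out.checkError()) {
                IO.writeLine("Error writing to the socket");
            }
        } catch (Exception ex) {
            IO.writeLine("Error writing to the socket");
        } finally {
            try {
                if (out != null) {
                    out.close();
                }
            } catch (Exception e) {
                log_bs.warning("Error closing out");
            }
            try {
                if (sock != null) {
                    sock.close();
                }
            } catch (Exception e) {
                log_bs.warning("Error closing sock");
            }
        }
    } else {
        java.util.logging.Logger log_gs = java.util.logging.Logger.getLogger("local-logger");
        OutputStream outStream = null;
        BufferedWriter bWriter = null;
        OutputStreamWriter outStreamWriter = null;
        SSLSocketFactory sslssocketfactory = null;
        SSLSocket sslsocket = null;
        try {
            sslssocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            sslsocket = (SSLSocket) sslssocketfactory.createSocket("remote_host", 1337);
            /* The handshake starts lazily on first I/O, so parameters set here still apply.
             * Without endpoint identification the peer certificate is not matched
             * against "remote_host". */
            javax.net.ssl.SSLParameters sslParams = sslsocket.getSSLParameters();
            sslParams.setEndpointIdentificationAlgorithm("HTTPS");
            sslsocket.setSSLParameters(sslParams);
            outStream = sslsocket.getOutputStream();
            /* OutputStreamWriter encodes with the platform default charset, as the original did */
            outStreamWriter = new OutputStreamWriter(outStream);
            bWriter = new BufferedWriter(outStreamWriter);
            /* FIX: sending over an SSL encrypted channel */
            bWriter.write("encrypted send");
            bWriter.flush();
        } catch (Exception ex) {
            IO.writeLine("Error writing to the socket");
        } finally {
            /* closing the outermost writer closes the whole chain; fall back to the inner one if only it was built */
            try {
                if (bWriter != null) {
                    bWriter.close();
                } else if (outStreamWriter != null) {
                    outStreamWriter.close();
                }
            } catch (IOException e) {
                log_gs.warning("Error closing bWriter");
            }
            try {
                if (sslsocket != null) {
                    sslsocket.close();
                }
            } catch (Exception e) {
                log_gs.warning("Error closing sslsocket");
            }
        }
    }
}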
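/* uses badsource and badsink - see how tools report flaws that don't always occur */
/*
 * BadSource: one line read from the first client that connects to a
 * ServerSocket on port 39543 (bound on all interfaces, so any peer that can
 * reach the port supplies the value). BadSink: that line is used directly as
 * a file path and the file's first line is printed, with no validation.
 * Which source runs depends on IO.static_returns_t_or_f().
 *
 * Fixed relative to the original: readLine() returns null when the peer
 * closes without sending a line, and new File((String) null) throws
 * NullPointerException, so data now keeps its "" initial value in that case;
 * the reader over the target file was never closed; the unused Logger in the
 * else branch is gone. The deliberate flaw in the sink is unchanged.
 */
public void bad() throws Throwable {
    String data;
    if (IO.static_returns_t_or_f()) {
        Logger log_bad = Logger.getLogger("local-logger");
        data = ""; /* init data */
        /* Read data using a listening tcp connection */
        ServerSocket listener = null;
        Socket sock = null;
        BufferedReader buffread = null;
        InputStreamReader instrread = null;
        try {
            /* read input from socket */
            listener = new ServerSocket(39543);
            sock = listener.accept();
            /* InputStreamReader decodes with the platform default charset, as the original did */
            instrread = new InputStreamReader(sock.getInputStream());
            buffread = new BufferedReader(instrread);
            String line = buffread.readLine();
            /* null means end of stream before any line; leave data as "" rather than pass null to File */
            if (line != null) {
                data = line;
            }
        } catch (IOException ioe) {
            log_bad.warning("Error with stream reading");
        } finally {
            /* clean up stream reading objects */
            try {
                if (buffread != null) {
                    buffread.close();
                }
            } catch (IOException ioe) {
                log_bad.warning("Error closing buffread");
            } finally {
                try {
                    if (instrread != null) {
                        instrread.close();
                    }
                } catch (IOException ioe) {
                    log_bad.warning("Error closing instrread");
                }
            }
            /* clean up socket objects */
            try {
                if (sock != null) {
                    sock.close();
                }
            } catch (IOException e) {
                log_bad.warning("Error closing sock");
            } finally {
                try {
                    if (listener != null) {
                        listener.close();
                    }
                } catch (IOException e) {
                    log_bad.warning("Error closing listener");
                }
            }
        }
    } else {
        /* FIX: Use a hardcoded string */
        data = "foo";
    }
    /* POTENTIAL FLAW: unvalidated or sandboxed value */
    File fIn = new File(data);
    if (fIn.exists() && fIn.isFile()) {
        /* FileReader decodes with the platform default charset, as the original did */
        BufferedReader fileReader = new BufferedReader(new FileReader(fIn));
        try {
            IO.writeLine(fileReader.readLine());
        } finally {
            /* the original never closed this reader */
            fileReader.close();
        }
    }
}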