/* goodG2B() - use goodsource and badsink */
/**
 * Good source feeding the (unchanged) sink: the value handed to {@code action} is a
 * compile-time constant, so nothing an external party controls reaches it.
 *
 * @throws Throwable whatever the sink's {@code action} propagates
 */
private void goodG2B() throws Throwable {
    /* FIX: Use a hardcoded number that won't cause underflow, overflow, divide by zero, or loss-of-precision issues */
    final int data = 2;

    /* Same base type as the bad variant; the goodG2B subclass supplies the sink under test */
    final CWE789_Uncontrolled_Mem_Alloc__database_HashSet_81_base baseObject =
        new CWE789_Uncontrolled_Mem_Alloc__database_HashSet_81_goodG2B();
    baseObject.action(data);
}
/**
 * Bad variant: the value passed to {@code action} is read straight out of a database
 * row and parsed as an {@code int} with no range check. The test-case name suggests
 * {@code action} uses it as an allocation size (CWE-789); confirm in the {@code _bad}
 * subclass. If the query fails, the column is {@code NULL}, or the text does not parse,
 * the sink still runs with the sentinel {@link Integer#MIN_VALUE}.
 *
 * @throws Throwable whatever the sink's {@code action} propagates
 */
public void bad() throws Throwable {
    /* Initialize data: the sentinel survives a failed read or a failed parse */
    int data = Integer.MIN_VALUE;

    /* Read data from a database */
    Connection connection = null;
    PreparedStatement statement = null;
    ResultSet rows = null;
    try {
        /* setup the connection */
        connection = IO.getDBConnection();
        /* prepare and execute a (hardcoded) query */
        statement = connection.prepareStatement("select name from users where id=0");
        rows = statement.executeQuery();
        /* POTENTIAL FLAW: Read data from a database query resultset */
        final String rawValue = rows.getString(1);
        if (rawValue != null) { /* avoid NPD incidental warnings */
            data = parseOrKeep(rawValue, data);
        }
    } catch (SQLException exceptSql) {
        IO.logger.log(Level.WARNING, "Error with SQL statement", exceptSql);
    } finally {
        /* Close database objects, innermost first; each close is logged independently */
        closeQuietly(rows);
        closeQuietly(statement);
        closeQuietly(connection);
    }

    final CWE789_Uncontrolled_Mem_Alloc__database_HashSet_81_base baseObject =
        new CWE789_Uncontrolled_Mem_Alloc__database_HashSet_81_bad();
    baseObject.action(data);
}

/**
 * Parses {@code text} (trimmed) as an {@code int}; on a {@link NumberFormatException}
 * the failure is logged and {@code fallback} is returned unchanged.
 */
private static int parseOrKeep(final String text, final int fallback) {
    try {
        return Integer.parseInt(text.trim());
    } catch (NumberFormatException exceptNumberFormat) {
        IO.logger.log(
            Level.WARNING, "Number format exception parsing data from string", exceptNumberFormat);
        return fallback;
    }
}

/** Closes a possibly-null {@link ResultSet}, logging rather than propagating a close failure. */
private static void closeQuietly(final ResultSet rows) {
    if (rows == null) {
        return;
    }
    try {
        rows.close();
    } catch (SQLException exceptSql) {
        IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql);
    }
}

/** Closes a possibly-null {@link PreparedStatement}, logging rather than propagating a close failure. */
private static void closeQuietly(final PreparedStatement statement) {
    if (statement == null) {
        return;
    }
    try {
        statement.close();
    } catch (SQLException exceptSql) {
        IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql);
    }
}

/** Closes a possibly-null {@link Connection}, logging rather than propagating a close failure. */
private static void closeQuietly(final Connection connection) {
    if (connection == null) {
        return;
    }
    try {
        connection.close();
    } catch (SQLException exceptSql) {
        IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
    }
}