/* goodB2G() - use badsource and goodsink by changing the second "if" so that
  both branches use the GoodSink */
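  /**
   * Good sink for a tainted cookie value: the value is percent-encoded before it is appended to
   * the {@code Location} header, so CR/LF and other delimiter characters in the cookie cannot
   * begin a new header line.
   *
   * <p>Both branches of each {@code if} are intentionally identical; whichever value
   * {@code IO.static_returns_t_or_f()} returns, the tainted source reaches the encoded sink.
   *
   * @param request servlet request whose first cookie supplies the untrusted value
   * @param response servlet response that receives the {@code Location} header
   * @throws Throwable if the servlet API or the encoder call fails
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.static_returns_t_or_f()) {
      Logger log_bad = Logger.getLogger("local-logger");
      /* read parameter from cookie; getCookies() returns null when the request has none */
      Cookie[] cookieSources = request.getCookies();
      if (cookieSources != null) {
        data = cookieSources[0].getValue();
      } else {
        data = null;
      }
    } else {

      Logger log_bad = Logger.getLogger("local-logger");

      /* read parameter from cookie; getCookies() returns null when the request has none */
      Cookie[] cookieSources = request.getCookies();
      if (cookieSources != null) {
        data = cookieSources[0].getValue();
      } else {
        data = null;
      }
    }
    if (IO.static_returns_t_or_f()) {
      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics.
       * The null guard is required: URLEncoder.encode(null, ...) throws NullPointerException,
       * which would fail every cookie-less request. UTF-8 is used instead of UTF-16 so the
       * receiver can decode the escapes with the encoding URLs conventionally use. */
      if (data != null) {
        data = URLEncoder.encode(data, "UTF-8");
        response.addHeader("Location", "/author.jsp?lang=" + data);
      }
    } else {

      /* FIX: same encoded sink as the branch above (null guard plus UTF-8 percent-encoding) */
      if (data != null) {
        data = URLEncoder.encode(data, "UTF-8");
        response.addHeader("Location", "/author.jsp?lang=" + data);
      }
    }
  }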
  /* goodB2G() - use badsource and goodsink by changing the second "if" so that
   * both branches use the GoodSink */
  /**
   * Echoes the "name" request parameter in a {@code Location} header after percent-encoding it.
   *
   * <p>Source: {@code request.getParameter("name")}, which the client controls. Sink:
   * {@code response.addHeader}. Both branches of each {@code if} are identical, so the outcome
   * does not depend on what {@code IO.staticReturnsTrueOrFalse()} returns.
   *
   * @param request servlet request supplying the untrusted parameter
   * @param response servlet response that receives the header
   * @throws Throwable if the servlet API or the encoder call fails
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.staticReturnsTrueOrFalse()) {
      /* POTENTIAL FLAW: Read data from a querystring using getParameter */
      data = request.getParameter("name");
    } else {

      /* POTENTIAL FLAW: Read data from a querystring using getParameter */
      data = request.getParameter("name");
    }

    if (IO.staticReturnsTrueOrFalse()) {
      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
      /* No header is written when the parameter is absent (data == null). */
      if (data != null) {
        /* CR and LF become %0D and %0A, so the value cannot terminate the header line. */
        data = URLEncoder.encode(data, "UTF-8");
        response.addHeader("Location", "/author.jsp?lang=" + data);
      }
    } else {

      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
      if (data != null) {
        data = URLEncoder.encode(data, "UTF-8");
        response.addHeader("Location", "/author.jsp?lang=" + data);
      }
    }
  }
 /* good2() reverses the bodies in the if statement */
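 /**
  * Records a login in the server log without including the session identifier.
  *
  * <p>The "username" parameter is client-controlled. It is written to the log only when it
  * consists solely of ASCII letters and digits, so the entry cannot carry line breaks or other
  * characters that would let a client forge log lines.
  *
  * @param request servlet request supplying the "username" parameter
  * @param response servlet response used to report rejected input
  * @throws Throwable if writing to the response fails
  */
 private void good2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
   if (IO.STATIC_FINAL_FIVE == 5) {
     /* Read the parameter once so the null check and the later use see the same value. */
     String username = request.getParameter("username");
     if (username == null) {
       return;
     }
     if (username.matches("[a-zA-Z0-9]*")) {
       /* FIX: logged message does not contain session id */
       /* NOTE(review): the operand between the two literals is reconstructed as `username`;
        * confirm against the upstream test case. */
       log("Username: " + username + " logged in");
     } else {
       response.getWriter().println("Invalid characters");
     }
   }
 }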
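 /**
  * Flawed variant kept for analyzer testing: writes the session identifier to the server log.
  *
  * <p>Anyone who can read the log (operators, log shippers, backup systems) obtains a value that
  * authenticates the user for the lifetime of the session. The sibling good variant logs the
  * user name only; where correlation is needed, log a value derived from the id that cannot be
  * replayed rather than the id itself.
  *
  * @param request servlet request supplying the "username" parameter and the session
  * @param response servlet response used to report rejected input
  * @throws Throwable if writing to the response fails
  */
 public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
   if (IO.STATIC_FINAL_FIVE == 5) {
     /* Read the parameter once so the null check and the later use see the same value. */
     String username = request.getParameter("username");
     if (username == null) {
       return;
     }
     if (username.matches("[a-zA-Z0-9]*")) {
       /* getSession(true) creates a session when the request does not already have one. */
       HttpSession session = request.getSession(true);
       /* FLAW: Expose the session ID to server log */
       /* NOTE(review): the operand between the two literals is reconstructed as `username`;
        * confirm against the upstream test case. The flaw itself is intentional here. */
       log("Username: " + username + " Session ID:" + session.getId());
     } else {
       response.getWriter().println("Invalid characters");
     }
   }
 }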
  /**
   * Flawed variant: uses an integer taken from the first cookie as a loop bound with no upper
   * limit.
   *
   * <p>A client that sends a very large number makes the handler write that many lines, tying
   * up the request thread and the output channel. A fixed variant would cap {@code count}
   * against a small maximum before the loop.
   *
   * @param request servlet request whose first cookie supplies the count
   * @param response unused by this method
   * @throws Throwable if the servlet API call fails
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int count;
    if (PRIVATE_STATIC_FINAL_TRUE) {
      count = Integer.MIN_VALUE; /* initialize count in case there are no cookies */
      /* Read count from cookies */
      {
        Cookie cookieSources[] = request.getCookies();
        if (cookieSources != null) {
          /* POTENTIAL FLAW: Read count from the first cookie value */
          String stringNumber = cookieSources[0].getValue();
          try {
            count = Integer.parseInt(stringNumber.trim());
          } catch (NumberFormatException exceptNumberFormat) {
            /* On a malformed value count keeps Integer.MIN_VALUE, so the loop below is skipped. */
            IO.logger.log(
                Level.WARNING,
                "Number format exception reading count from cookie",
                exceptNumberFormat);
          }
        }
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run
       * but ensure count is initialized before the Sink to avoid compiler errors */
      count = 0;
    }

    if (PRIVATE_STATIC_FINAL_TRUE) {
      int i = 0;
      /* POTENTIAL FLAW: For loop using count as the loop variant and no validation */
      /* Only the lower side is bounded (the loop starts at 0); nothing limits how high count is. */
      for (i = 0; i < count; i++) {
        IO.writeLine("Hello");
      }
    }
  }
  /**
   * Flawed variant: parses the "id" value out of the raw query string and uses it, once
   * converted to an int, as an unbounded loop counter.
   *
   * <p>The value is client-controlled, so the number of iterations is too. A fixed variant would
   * reject or clamp values above a small maximum.
   *
   * @param request servlet request whose query string supplies "id"
   * @param response unused by this method
   * @throws Throwable if the servlet API call fails
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (privateFive == 5) {
      data = ""; /* initialize data in case id is not in query string */
      /* POTENTIAL FLAW: Parse id param out of the URL querystring (without using getParameter()) */
      /* NOTE(review): getQueryString() returns null for a request without a query string, and
       * the StringTokenizer constructor would then throw NullPointerException. The raw query
       * string is also not URL-decoded, unlike getParameter(). */
      {
        StringTokenizer tokenizer = new StringTokenizer(request.getQueryString(), "&");
        while (tokenizer.hasMoreTokens()) {
          String token = tokenizer.nextToken(); /* a token will be like "id=foo" */
          if (token.startsWith("id=")) /* check if we have the "id" parameter */ {
            data = token.substring(3); /* set data to "foo" */
            break; /* exit while loop */
          }
        }
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run
       * but ensure data is initialized before the Sink to avoid compiler errors */
      data = null;
    }

    if (privateFive == 5) {
      int numberOfLoops;
      try {
        numberOfLoops = Integer.parseInt(data);
      } catch (NumberFormatException exceptNumberFormat) {
        /* Non-numeric input (including the "" default) falls back to a single iteration. */
        IO.writeLine("Invalid response. Numeric input expected. Assuming 1.");
        numberOfLoops = 1;
      }
      for (int i = 0; i < numberOfLoops; i++) {
        /* POTENTIAL FLAW: user supplied input used for loop counter test */
        IO.writeLine("hello world");
      }
    }
  }
  /* uses badsource and badsink */
  /**
   * Flawed variant: sizes a {@code HashSet} from an integer read from the first cookie.
   *
   * <p>The initial capacity drives the size of the backing table, so a large client-chosen
   * value can force a large allocation per request. A fixed variant would check the value
   * against a small upper bound (and reject negatives) before constructing the set.
   *
   * @param request servlet request whose first cookie supplies the size
   * @param response unused by this method
   * @throws Throwable if the servlet API call or the allocation fails
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int dataCopy;
    {
      int data;

      data = Integer.MIN_VALUE; /* initialize data in case there are no cookies */

      /* Read data from cookies */
      {
        Cookie cookieSources[] = request.getCookies();
        if (cookieSources != null) {
          /* POTENTIAL FLAW: Read data from the first cookie value */
          String stringNumber = cookieSources[0].getValue();
          try {
            data = Integer.parseInt(stringNumber.trim());
          } catch (NumberFormatException exceptNumberFormat) {
            IO.logger.log(
                Level.WARNING,
                "Number format exception reading data from cookie",
                exceptNumberFormat);
          }
        }
      }

      /* The value leaves the source scope through dataCopy and re-enters the sink scope below. */
      dataCopy = data;
    }
    {
      int data = dataCopy;

      /* POTENTIAL FLAW: Create a HashSet using data as the initial size.  data may be very large, creating memory issues */
      /* A negative value (including the Integer.MIN_VALUE default) makes the constructor throw
       * IllegalArgumentException instead. */
      HashSet intHashSet = new HashSet(data);
    }
  }
  /**
   * Flawed variant: uses an integer read from the first cookie as a modulus without checking
   * it for zero.
   *
   * <p>A cookie value of 0 makes {@code 100 % data} throw {@code ArithmeticException}, so a
   * client can fail the request at will. The fixed variant tests {@code data != 0} first.
   *
   * @param request servlet request whose first cookie supplies the modulus
   * @param response unused by this method
   * @throws Throwable on a malformed cookie value or a zero modulus
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data_copy;
    {
      int data;

      Logger log_bad = Logger.getLogger("local-logger");

      /* init Data$ */
      data = -1;

      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        String s_data = cookieSources[0].getValue();
        /* No try/catch here: a non-numeric cookie value propagates NumberFormatException. */
        data = Integer.parseInt(s_data.trim());
      }

      data_copy = data;
    }
    {
      int data = data_copy;

      /* POTENTIAL FLAW: Zero modulus will cause an issue.  An integer division will
      result in an exception.  */
      IO.writeLine("100%" + String.valueOf(data) + " = " + (100 % data) + "\n");
    }
  }
  /**
   * Flawed variant: increments an integer taken from the "name" request parameter without
   * checking for overflow.
   *
   * <p>Java int arithmetic wraps silently, so {@code Integer.MAX_VALUE + 1} yields
   * {@code Integer.MIN_VALUE}. A fixed variant would compare against {@code Integer.MAX_VALUE}
   * first or use {@code Math.addExact}, which throws on overflow.
   *
   * @param request servlet request supplying the "name" parameter
   * @param response unused by this method
   * @throws Throwable if the servlet API call fails
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data;
    if (PRIVATE_STATIC_FINAL_TRUE) {
      data = Integer.MIN_VALUE; /* Initialize data */
      /* POTENTIAL FLAW: Read data from a querystring using getParameter() */
      {
        String stringNumber = request.getParameter("name");
        try {
          /* NOTE(review): getParameter() returns null when "name" is absent; trim() would then
           * throw NullPointerException, which this catch does not handle. */
          data = Integer.parseInt(stringNumber.trim());
        } catch (NumberFormatException exceptNumberFormat) {
          IO.logger.log(
              Level.WARNING,
              "Number format exception reading data from parameter 'name'",
              exceptNumberFormat);
        }
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run
       * but ensure data is initialized before the Sink to avoid compiler errors */
      data = 0;
    }

    if (PRIVATE_STATIC_FINAL_TRUE) {
      /* POTENTIAL FLAW: if data == Integer.MAX_VALUE, this will overflow */
      /* The (int) cast does not help: the addition is already performed in int. */
      int result = (int) (data + 1);
      IO.writeLine("result: " + result);
    }
  }
  /**
   * Flawed variant: depending on {@code IO.static_returns_t_or_f()}, a cookie value may reach
   * the {@code Location} header without encoding.
   *
   * <p>Four paths exist (tainted or hardcoded source, raw or encoded sink). Only the combination
   * of the cookie source with the raw sink is exploitable: CR/LF in the cookie value would let
   * the client add header lines or split the response.
   *
   * @param request servlet request whose first cookie may supply the value
   * @param response servlet response that receives the {@code Location} header
   * @throws Throwable if the servlet API or the encoder call fails
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.static_returns_t_or_f()) {
      Logger log_bad = Logger.getLogger("local-logger");
      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        data = cookieSources[0].getValue();
      } else {
        data = null;
      }
    } else {

      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

      /* FIX: Use a hardcoded string */
      data = "foo";
    }
    if (IO.static_returns_t_or_f()) {
      /* POTENTIAL FLAW: Input from file not verified */
      /* Here the input is the cookie value; it is concatenated into the header unmodified. */
      response.addHeader("Location", "/author.jsp?lang=" + data);
    } else {

      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
      /* NOTE(review): data is null on the cookie-less path, and URLEncoder.encode(null, ...)
       * throws NullPointerException. */
      data = URLEncoder.encode(data, "UTF-16");
      response.addHeader("Location", "/author.jsp?lang=" + data);
    }
  }
  /* goodB2G() - use badsource and goodsink by switching statements around return */
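  /**
   * Good sink for a tainted request parameter: "name" is percent-encoded before it is placed in
   * the {@code Location} header, so CR/LF in the parameter cannot start a new header line.
   *
   * <p>The unencoded sink is kept after an always-taken {@code return} so that it is dead code;
   * that layout is the control-flow variant this test case exercises.
   *
   * @param request servlet request supplying the "name" parameter
   * @param response servlet response that receives the {@code Location} header
   * @throws Throwable if the servlet API or the encoder call fails
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;

    Logger log_bad = Logger.getLogger("local-logger");

    /* read parameter from request; getParameter() returns null when "name" is absent */
    data = request.getParameter("name");

    /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics.
     * The null guard is required: URLEncoder.encode(null, ...) throws NullPointerException,
     * which would fail every request that omits the parameter. UTF-8 is used instead of UTF-16
     * so the receiver can decode the escapes with the encoding URLs conventionally use. */
    if (data != null) {
      data = URLEncoder.encode(data, "UTF-8");
      response.setHeader("Location", "/author.jsp?lang=" + data);
    }

    if (true) return; /* INCIDENTAL: CWE 571 Expression is Always True.
      We need the "if(true)" because the Java Language Spec requires that
      unreachable code generate a compiler error */

    /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
    {

      /* POTENTIAL FLAW: Input not verified before inclusion in header */
      response.setHeader("Location", "/author.jsp?lang=" + data);
    }
  }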
  /* goodB2G() - use badsource and goodsink */
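  /**
   * Good sink for a tainted integer: squares the "name" request parameter only when the result
   * fits in an int.
   *
   * @param request servlet request supplying the "name" parameter
   * @param response unused by this method
   * @throws Throwable if the servlet API call fails
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data;

    data = Integer.MIN_VALUE; /* Initialize data */

    /* POTENTIAL FLAW: Read data from a querystring using getParameter() */
    {
      String stringNumber = request.getParameter("name");

      /* getParameter() returns null when "name" is absent. Keep the sentinel value in that case
       * instead of failing the request with a NullPointerException from trim(). */
      if (stringNumber != null) {
        try {
          data = Integer.parseInt(stringNumber.trim());
        } catch (NumberFormatException exceptNumberFormat) {
          IO.logger.log(
              Level.WARNING,
              "Number format exception reading data from parameter 'name'",
              exceptNumberFormat);
        }
      }
    }

    /* FIX: Add a check to prevent an overflow from occurring */
    /* NOTE: Math.abs(Integer.MIN_VALUE) returns Integer.MIN_VALUE, so that value is excluded
     * explicitly. The former comparison with Long.MIN_VALUE was always true for an int and has
     * been dropped. */
    if ((data != Integer.MIN_VALUE)
        && (Math.abs(data) <= (long) Math.sqrt(Integer.MAX_VALUE))) {
      int result = data * data;
      IO.writeLine("result: " + result);
    } else {
      IO.writeLine("data value is too large to perform squaring.");
    }
  }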
  /* goodB2G() - use badsource and goodsink */
  /**
   * Reads an integer from the first cookie and hands it to {@code goodB2GSink} of a second
   * class.
   *
   * <p>This method performs no range check itself; the value is still untrusted when it leaves.
   * Presumably the sink validates it before using it as an array index (the class name suggests
   * so); verify against that class.
   *
   * @param request servlet request whose first cookie supplies the value
   * @param response passed through to the sink
   * @throws Throwable if the servlet API call or the sink fails
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data;

    data = Integer.MIN_VALUE; /* initialize data in case there are no cookies */

    /* Read data from cookies */
    {
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        /* POTENTIAL FLAW: Read data from the first cookie value */
        String stringNumber = cookieSources[0].getValue();
        try {
          data = Integer.parseInt(stringNumber.trim());
        } catch (NumberFormatException exceptNumberFormat) {
          /* On a malformed value data keeps Integer.MIN_VALUE and is passed on as such. */
          IO.logger.log(
              Level.WARNING,
              "Number format exception reading data from cookie",
              exceptNumberFormat);
        }
      }
    }

    (new CWE129_Improper_Validation_of_Array_Index__getCookies_Servlet_array_write_no_check_53b())
        .goodB2GSink(data, request, response);
  }
  /* uses badsource and badsink */
  /**
   * Flawed variant: loads and instantiates the class whose name is given by the "id" value of
   * the query string.
   *
   * <p>The client chooses which class on the classpath is initialized and constructed, so any
   * class with side effects in its static initializer or no-argument constructor becomes
   * reachable from a request. A fixed variant would map the input onto a fixed allow-list of
   * class names and never pass the raw string to {@code Class.forName}.
   *
   * @param request servlet request whose query string supplies "id"
   * @param response unused by this method
   * @throws Throwable if the class cannot be found or instantiated
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (true) {
      data = ""; /* initialize data in case id is not in query string */
      /* POTENTIAL FLAW: Parse id param out of the URL querystring (without using getParameter()) */
      /* NOTE(review): getQueryString() returns null for a request without a query string, and
       * the StringTokenizer constructor would then throw NullPointerException. */
      {
        StringTokenizer tokenizer = new StringTokenizer(request.getQueryString(), "&");
        while (tokenizer.hasMoreTokens()) {
          String token = tokenizer.nextToken(); /* a token will be like "id=foo" */
          if (token.startsWith("id=")) /* check if we have the "id" parameter */ {
            data = token.substring(3); /* set data to "foo" */
            break; /* exit while loop */
          }
        }
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run
       * but ensure data is initialized before the Sink to avoid compiler errors */
      data = null;
    }

    /* POTENTIAL FLAW: Instantiate object of class named in data (which may be from external input) */
    Class<?> tempClass = Class.forName(data);
    /* newInstance() invokes the no-argument constructor of whatever class was named. */
    Object tempClassObject = tempClass.newInstance();

    IO.writeLine(tempClassObject.toString()); /* Use tempClassObject in some way */
  }
  /* goodG2B1() - use goodsource and badsink by changing first private_final_five==5 to private_final_five!=5 */
  /**
   * Good-source / bad-sink variant: the divisor is the constant 2, so the unchecked division
   * cannot fail.
   *
   * <p>Per the existing comments, {@code private_final_five != 5} is always false, which leaves
   * the request-reading branch and the checked sink as dead code.
   *
   * @param request servlet request, read only in the dead branch
   * @param response unused by this method
   * @throws Throwable declared for uniformity with the other variants
   */
  private void goodG2B1(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data;
    /* INCIDENTAL: CWE 570 Statement is Always False */
    if (private_final_five != 5) {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      Logger log_bad = Logger.getLogger("local-logger");
      /* init Data$ */
      data = -1;
      /* read parameter from request */
      String s_data = request.getParameter("name");
      data = Integer.parseInt(s_data.trim());
    } else {

      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

      /* FIX: Use a hardcoded number that won't cause underflow, overflow,
      divide by zero, or loss-of-precision issues */
      data = 2;
    }
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (private_final_five == 5) {
      /* POTENTIAL FLAW: Zero denominator will cause an issue.  An integer division will
      result in an exception. */
      /* Safe on this path only because data was set to 2 above, not because of a check here. */
      IO.writeLine("bad: 100/" + String.valueOf(data) + " = " + (100 / data) + "\n");
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      /* FIX: test for a zero denominator */
      if (data != 0) {
        IO.writeLine("100/" + String.valueOf(data) + " = " + (100 / data) + "\n");
      } else {
        IO.writeLine("This would result in a divide by zero");
      }
    }
  }
  /* goodG2B2() - use goodsource and badsink by reversing statements in first if */
  /**
   * Good-source / bad-sink variant: {@code data} is a fixed non-null string, so calling
   * {@code equals} on it cannot dereference null.
   *
   * <p>Per the existing comments, the {@code else} branches are dead code; they hold the
   * request-reading source and the null-safe comparison.
   *
   * @param request servlet request, read only in the dead branch
   * @param response unused by this method
   * @throws Throwable declared for uniformity with the other variants
   */
  private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.static_final_five == 5) {
      /* FIX: Set data to a fixed, non-null String */
      data = "CWE690";
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      /* POTENTIAL FLAW: data may be set to null */
      /* getParameter() returns null when the request carries no "CWE690" parameter. */
      data = request.getParameter("CWE690");
    }
    if (IO.static_final_five == 5) {
      /* POTENTIAL FLAW: data could be null */
      if (data.equals("CWE690")) {
        IO.writeLine("data is CWE690");
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      /* FIX: call equals() on string literal (that is not null) */
      if ("CWE690".equals(data)) {
        IO.writeLine("data is CWE690");
      }
    }
  }
  /* goodG2B1() - use goodsource and badsink by changing first private_returns_t() to private_returns_f() */
  /**
   * Good-source / bad-sink variant: the string being parsed is the constant "foo", so the stack
   * trace printed on failure contains nothing derived from the request.
   *
   * <p>Per the existing comments, {@code private_returns_f()} is always false and
   * {@code private_returns_t()} always true, leaving the request-reading source and the
   * generic-message sink as dead code.
   *
   * @param request servlet request, read only in the dead branch
   * @param response unused by this method
   * @throws Throwable declared for uniformity with the other variants
   */
  private void goodG2B1(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    /* INCIDENTAL: CWE 570 Statement is Always False */
    if (private_returns_f()) {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      Logger log_bad = Logger.getLogger("local-logger");
      /* read parameter from request */
      data = request.getParameter("name");
    } else {

      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

      /* FIX: Use a hardcoded string */
      data = "foo";
    }
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (private_returns_t()) {
      try {
        /* "foo" is not numeric, so this always throws NumberFormatException on the live path. */
        int iConversion = Integer.valueOf(data);
      } catch (Exception e) {
        e.printStackTrace(); /* POTENTIAL FLAW: Print stack trace on error */
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      try {
        int iConversion = Integer.valueOf(data);
      } catch (Exception e) {
        IO.writeLine("There was an error parsing the string"); /* FIX: print a generic message */
      }
    }
  }
  /**
   * Flawed variant: dereferences the "CWE690" request parameter without a null check.
   *
   * <p>{@code getParameter} returns null when the parameter is absent, so a request that omits
   * it makes {@code data.trim()} throw {@code NullPointerException}. The loops are the
   * control-flow variant: a bound of 0 makes a body dead, a bound of 1 runs it once.
   *
   * @param request servlet request supplying the "CWE690" parameter
   * @param response unused by this method
   * @throws Throwable when the parameter is missing (NullPointerException)
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;

    /* We need to have one source outside of a for loop in order
    to prevent the Java compiler from generating an error because
    data is uninitialized */

    /* POTENTIAL FLAW: data may be set to null */
    data = request.getParameter("CWE690");

    for (int for_index_i = 0; for_index_i < 0; for_index_i++) {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      /* FIX: Set data to a fixed, non-null String */
      data = "CWE690";
    }

    for (int for_index_j = 0; for_index_j < 1; for_index_j++) {
      /* POTENTIAL FLAW: data could be null */
      String sOut = data.trim();
      IO.writeLine(sOut);
    }

    for (int for_index_k = 0; for_index_k < 0; for_index_k++) {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      /* FIX: explicit check for null */
      if (data != null) {
        String sOut = data.trim();
        IO.writeLine(sOut);
      }
    }
  }
  /* goodG2B() - use goodsource and badsink by moving BadSource and BadSink to after return */
  /**
   * Good-source / bad-sink variant: the {@code Location} header is built from the constant
   * "foo", so the unencoded sink carries no request data.
   *
   * <p>The request-reading source and its sink sit after an always-taken {@code return} and
   * never run.
   *
   * @param request servlet request, read only in the dead block
   * @param response servlet response that receives the {@code Location} header
   * @throws Throwable if the servlet API call fails
   */
  private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    {
      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

      /* FIX: Use a hardcoded string */
      data = "foo";

      /* POTENTIAL FLAW: Input not verified before inclusion in header */
      /* Safe on this path only because data is a constant; the sink itself encodes nothing. */
      response.setHeader("Location", "/author.jsp?lang=" + data);
    }

    if (true) return; /* INCIDENTAL: CWE 571 Expression is Always True.
      We need the "if(true)" because the Java Language Spec requires that
      unreachable code generate a compiler error */

    /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
    {
      Logger log_bad = Logger.getLogger("local-logger");

      /* read parameter from request */
      data = request.getParameter("name");

      /* POTENTIAL FLAW: Input not verified before inclusion in header */
      response.setHeader("Location", "/author.jsp?lang=" + data);
    }
  }
  /* goodG2B2() - use goodsource and badsink by reversing statements in if */
  /**
   * Good-source / bad-sink variant: the error message is built from the constant "foo", so the
   * unescaped output carries no request data.
   *
   * <p>Per the existing comment, the cookie-reading {@code else} branch is dead code; the value
   * of {@code IO.static_t} is not visible here.
   *
   * @param request servlet request, read only in the dead branch
   * @param response servlet response that receives the error
   * @throws Throwable if the servlet API call fails
   */
  private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (IO.static_t) {
      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
      /* FIX: Use a hardcoded string */
      data = "foo";
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      Logger log_bad = Logger.getLogger("local-logger");

      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        data = cookieSources[0].getValue();
      } else {
        data = null;
      }
    }

    if (data != null) {
      /* POTENTIAL FLAW: script code (e.g. id=<script>alert('xss')</script>) is sent to the client; The built-in J2EE server automatically does some HTML entity encoding.  Therefore, to test this, change response.sendError to response.getWriter().println and remove the 404,
       */
      /* The sink does no output encoding of its own; whether the container escapes the
       * sendError message varies, so a fixed sink would HTML-encode data explicitly. */
      response.sendError(404, "<br>bad() - Parameter name has value " + data);
    }
  }
  /* uses badsource and badsink */
  /**
   * Flawed variant, source half: parses the "id" value of the query string as an int, stores it
   * in the field {@code dataBad} and calls {@code badSink}.
   *
   * <p>No range check is applied here, so the value is still untrusted when the sink reads it.
   * The sink is defined outside this excerpt; presumably it reads {@code dataBad}.
   *
   * @param request servlet request whose query string supplies "id"
   * @param response passed through to the sink
   * @throws Throwable if the servlet API call or the sink fails
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data;

    data = Integer.MIN_VALUE; /* initialize data in case id is not in query string */

    /* POTENTIAL FLAW: Parse id param out of the URL querystring (without using getParam) */
    /* NOTE(review): getQueryString() returns null for a request without a query string, and
     * the StringTokenizer constructor would then throw NullPointerException. */
    {
      StringTokenizer tokenizer = new StringTokenizer(request.getQueryString(), "&");

      while (tokenizer.hasMoreTokens()) {
        String token = tokenizer.nextToken(); /* a token will be like "id=33" */
        if (token.startsWith("id=")) /* check if we have the "id" parameter */ {
          try {
            data = Integer.parseInt(token.substring(3)); /* set data to the int 33 */
          } catch (NumberFormatException exceptNumberFormat) {
            IO.logger.log(
                Level.WARNING,
                "Number format exception reading id from query string",
                exceptNumberFormat);
          }
          break; /* exit while loop */
        }
      }
    }

    /* The tainted value travels to the sink through a field rather than a parameter. */
    dataBad = data;
    badSink(request, response);
  }
  /**
   * Flawed variant: doubles a negative integer taken from the query string without checking for
   * underflow.
   *
   * <p>Java int arithmetic wraps silently, so any value below {@code Integer.MIN_VALUE / 2}
   * yields a wrong, non-negative-looking result instead of an error. Each {@code while (true)}
   * ends in an unconditional {@code break} and runs its body exactly once; the loops are the
   * control-flow variant of this test case.
   *
   * @param request servlet request whose query string supplies "id"
   * @param response unused by this method
   * @throws Throwable if the servlet API call fails
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data;

    while (true) {
      data = Integer.MIN_VALUE; /* initialize data in case id is not in query string */
      /* POTENTIAL FLAW: Parse id param out of the URL querystring (without using getParam) */
      {
        StringTokenizer tokenizer = new StringTokenizer(request.getQueryString(), "&");
        while (tokenizer.hasMoreTokens()) {
          String token = tokenizer.nextToken(); /* a token will be like "id=33" */
          if (token.startsWith("id=")) /* check if we have the "id" parameter */ {
            try {
              data = Integer.parseInt(token.substring(3)); /* set data to the int 33 */
            } catch (NumberFormatException exceptNumberFormat) {
              IO.logger.log(
                  Level.WARNING,
                  "Number format exception reading id from query string",
                  exceptNumberFormat);
            }
            break; /* exit while loop */
          }
        }
      }
      break;
    }

    while (true) {
      if (data < 0) /* ensure we won't have an overflow */ {
        /* POTENTIAL FLAW: if (data * 2) < Integer.MIN_VALUE, this will underflow */
        /* The Integer.MIN_VALUE default (no "id", or a malformed one) also takes this path. */
        int result = (int) (data * 2);
        IO.writeLine("result: " + result);
      }
      break;
    }
  }
  /* goodB2G() - use badsource and goodsink by changing the conditions on
  the second and third for statements */
  /**
   * Bad-source / good-sink variant: the "CWE690" request parameter may be null, and the live
   * sink checks for that before dereferencing it.
   *
   * <p>The loops are the control-flow variant: a bound of 0 makes a body dead, a bound of 1 runs
   * it once. Here only the third loop, holding the null-checked sink, executes.
   *
   * @param request servlet request supplying the "CWE690" parameter
   * @param response unused by this method
   * @throws Throwable if the servlet API call fails
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;

    /* POTENTIAL FLAW: data may be set to null */
    data = request.getParameter("CWE690");

    for (int for_index_i = 0; for_index_i < 0; for_index_i++) {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      /* FIX: Set data to a fixed, non-null String */
      data = "CWE690";
    }

    for (int for_index_j = 0; for_index_j < 0; for_index_j++) {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      /* POTENTIAL FLAW: data could be null */
      String sOut = data.trim();
      IO.writeLine(sOut);
    }

    for (int for_index_k = 0; for_index_k < 1; for_index_k++) {
      /* FIX: explicit check for null */
      /* Nothing is written when the parameter is absent. */
      if (data != null) {
        String sOut = data.trim();
        IO.writeLine(sOut);
      }
    }
  }
  /**
   * Flawed variant: parses the first cookie value as an integer and prints the full stack trace
   * when parsing fails.
   *
   * <p>The exception message includes the offending input and the trace lists internal class
   * and method names; wherever standard error is visible, both are disclosed. The fixed sink,
   * kept as dead code after the {@code return}, prints a generic message instead.
   *
   * @param request servlet request whose first cookie supplies the value
   * @param response unused by this method
   * @throws Throwable if the servlet API call fails
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;

    Logger log_bad = Logger.getLogger("local-logger");

    /* read parameter from cookie */
    Cookie cookieSources[] = request.getCookies();
    if (cookieSources != null) {
      data = cookieSources[0].getValue();
    } else {
      data = null;
    }

    {
      try {
        /* A null or non-numeric value throws NumberFormatException, so the client decides
         * whether the catch block runs. */
        int iConversion = Integer.valueOf(data);
      } catch (Exception e) {
        e.printStackTrace(); /* POTENTIAL FLAW: Print stack trace on error */
      }
    }

    if (true) return; /* INCIDENTAL: CWE 571 Expression is Always True.
      We need the "if(true)" because the Java Language Spec requires that
      unreachable code generate a compiler error */

    /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
    {
      try {
        int iConversion = Integer.valueOf(data);
      } catch (Exception e) {
        IO.writeLine("There was an error parsing the string"); /* FIX: print a generic message */
      }
    }
  }
  /* goodB2G() - use badsource and goodsink */
  /**
   * Bad-source / good-sink variant, source half: parses the "id" value of the query string as
   * an int and passes it to {@code goodB2GSink} of a second class inside an array.
   *
   * <p>No zero check is made here; the value is still untrusted when it leaves. Presumably the
   * sink tests for zero before the modulo (the class name suggests so); verify against that
   * class.
   *
   * @param request servlet request whose query string supplies "id"
   * @param response passed through to the sink
   * @throws Throwable if the servlet API call or the sink fails
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data;

    data = Integer.MIN_VALUE; /* initialize data in case id is not in query string */

    /* POTENTIAL FLAW: Parse id param out of the URL querystring (without using getParam) */
    /* NOTE(review): getQueryString() returns null for a request without a query string, and
     * the StringTokenizer constructor would then throw NullPointerException. */
    {
      StringTokenizer tokenizer = new StringTokenizer(request.getQueryString(), "&");

      while (tokenizer.hasMoreTokens()) {
        String token = tokenizer.nextToken(); /* a token will be like "id=33" */
        if (token.startsWith("id=")) /* check if we have the "id" parameter */ {
          try {
            data = Integer.parseInt(token.substring(3)); /* set data to the int 33 */
          } catch (NumberFormatException exceptNumberFormat) {
            IO.logger.log(
                Level.WARNING,
                "Number format exception reading id from query string",
                exceptNumberFormat);
          }
          break; /* exit while loop */
        }
      }
    }

    /* The tainted value is carried in slot 2 of a five-element array; the other slots stay 0. */
    int[] dataArray = new int[5];
    dataArray[2] = data;
    (new CWE369_Divide_by_Zero__int_getQueryString_Servlet_modulo_66b())
        .goodB2GSink(dataArray, request, response);
  }
  /* goodB2G() - use badsource and goodsink */
  /**
   * Bad-source / good-sink variant: doubles a positive integer taken from the query string only
   * when the result fits in an int.
   *
   * <p>Values that are zero or negative are ignored; positive values at or above
   * {@code Integer.MAX_VALUE / 2} are reported as too large instead of being multiplied.
   *
   * @param request servlet request whose query string supplies "id"
   * @param response unused by this method
   * @throws Throwable if the servlet API call fails
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data;

    data = Integer.MIN_VALUE; /* initialize data in case id is not in query string */

    /* POTENTIAL FLAW: Parse id param out of the URL querystring (without using getParam) */
    /* NOTE(review): getQueryString() returns null for a request without a query string, and
     * the StringTokenizer constructor would then throw NullPointerException. */
    {
      StringTokenizer tokenizer = new StringTokenizer(request.getQueryString(), "&");

      while (tokenizer.hasMoreTokens()) {
        String token = tokenizer.nextToken(); /* a token will be like "id=33" */
        if (token.startsWith("id=")) /* check if we have the "id" parameter */ {
          try {
            data = Integer.parseInt(token.substring(3)); /* set data to the int 33 */
          } catch (NumberFormatException exceptNumberFormat) {
            IO.logger.log(
                Level.WARNING,
                "Number format exception reading id from query string",
                exceptNumberFormat);
          }
          break; /* exit while loop */
        }
      }
    }

    if (data > 0) /* ensure we won't have an underflow */ {
      /* FIX: Add a check to prevent an overflow from occurring */
      /* The bound is checked before the multiplication, so the product is never computed for
       * a value that would wrap. */
      if (data < (Integer.MAX_VALUE / 2)) {
        int result = (int) (data * 2);
        IO.writeLine("result: " + result);
      } else {
        IO.writeLine("data value is too large to perform multiplication.");
      }
    }
  }
  /* uses badsource and badsink */
  /**
   * Flawed variant: writes the "id" value of the query string into the HTML response without
   * encoding it.
   *
   * <p>Markup in the value is delivered to the browser as markup (reflected cross-site
   * scripting). A fixed variant would HTML-encode {@code data} for the context it is written
   * into before calling {@code println}.
   *
   * @param request servlet request whose query string supplies "id"
   * @param response servlet response whose writer receives the value
   * @throws Throwable if the servlet API call fails
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    if (privateTrue) {
      data = ""; /* initialize data in case id is not in query string */
      /* POTENTIAL FLAW: Parse id param out of the URL querystring (without using getParameter()) */
      /* NOTE(review): getQueryString() returns null for a request without a query string, and
       * the StringTokenizer constructor would then throw NullPointerException. */
      {
        StringTokenizer tokenizer = new StringTokenizer(request.getQueryString(), "&");
        while (tokenizer.hasMoreTokens()) {
          String token = tokenizer.nextToken(); /* a token will be like "id=foo" */
          if (token.startsWith("id=")) /* check if we have the "id" parameter */ {
            data = token.substring(3); /* set data to "foo" */
            break; /* exit while loop */
          }
        }
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run
       * but ensure data is initialized before the Sink to avoid compiler errors */
      data = null;
    }

    /* This guard only skips the dead-branch null; it is not input validation. */
    if (data != null) {
      /* POTENTIAL FLAW: Display of data in web page without any encoding or validation */
      response.getWriter().println("<br>bad(): data = " + data);
    }
  }
  /* uses badsource and badsink */
  /**
   * Flawed variant: sizes an {@code ArrayList} from an integer taken from the "name" request
   * parameter.
   *
   * <p>The initial capacity is allocated up front, so a large client-chosen value can force a
   * large allocation per request. A fixed variant would check the value against a small upper
   * bound (and reject negatives) before constructing the list.
   *
   * @param request servlet request supplying the "name" parameter
   * @param response unused by this method
   * @throws Throwable if the servlet API call or the allocation fails
   */
  public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data;
    if (privateReturnsTrue()) {
      data = Integer.MIN_VALUE; /* Initialize data */
      /* POTENTIAL FLAW: Read data from a querystring using getParameter() */
      {
        String stringNumber = request.getParameter("name");
        try {
          /* NOTE(review): getParameter() returns null when "name" is absent; trim() would then
           * throw NullPointerException, which this catch does not handle. */
          data = Integer.parseInt(stringNumber.trim());
        } catch (NumberFormatException exceptNumberFormat) {
          IO.logger.log(
              Level.WARNING,
              "Number format exception reading data from parameter 'name'",
              exceptNumberFormat);
        }
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run
       * but ensure data is initialized before the Sink to avoid compiler errors */
      data = 0;
    }

    /* POTENTIAL FLAW: Create an ArrayList using data as the initial size.  data may be very large, creating memory issues */
    /* A negative value (including the Integer.MIN_VALUE default) makes the constructor throw
     * IllegalArgumentException instead. */
    ArrayList intArrayList = new ArrayList(data);
  }
  /* goodB2G() - use badsource and goodsink */
  /**
   * Bad-source / good-sink variant: an integer read from the first cookie is used as a modulus
   * only after it has been checked for zero.
   *
   * @param request servlet request whose first cookie supplies the modulus
   * @param response unused by this method
   * @throws Throwable on a malformed cookie value (NumberFormatException)
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    int data_copy;
    {
      int data;

      Logger log_bad = Logger.getLogger("local-logger");

      /* init Data$ */
      data = -1;

      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        String s_data = cookieSources[0].getValue();
        /* No try/catch here: a non-numeric cookie value propagates NumberFormatException. */
        data = Integer.parseInt(s_data.trim());
      }

      /* The value leaves the source scope through data_copy and re-enters the sink scope below. */
      data_copy = data;
    }
    {
      int data = data_copy;

      /* FIX: test for a zero modulus */
      if (data != 0) {
        IO.writeLine("100%" + String.valueOf(data) + " = " + (100 % data) + "\n");
      } else {
        IO.writeLine("This would result in a modulo by zero");
      }
    }
  }
  /* goodG2B1() - use goodsource and badsink by changing first 5==5 to 5!=5 */
  /**
   * Good-source / bad-sink variant: the "lang" cookie is set from the constant "foo", so the
   * unencoded sink carries no request data.
   *
   * <p>{@code 5 != 5} is always false and {@code 5 == 5} always true, which leaves the
   * cookie-reading source and the encoded sink as dead code.
   *
   * @param request servlet request, read only in the dead branch
   * @param response servlet response that receives the cookie
   * @throws Throwable if the servlet API call fails
   */
  private void goodG2B1(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data;
    /* INCIDENTAL: CWE 570 Statement is Always False */
    if (5 != 5) {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      Logger log_bad = Logger.getLogger("local-logger");
      /* read parameter from cookie */
      Cookie cookieSources[] = request.getCookies();
      if (cookieSources != null) {
        data = cookieSources[0].getValue();
      } else {
        data = null;
      }
    } else {

      java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");

      /* FIX: Use a hardcoded string */
      data = "foo";
    }
    /* INCIDENTAL: CWE 571 Statement is Always True */
    if (5 == 5) {
      Cookie cookieSink = new Cookie("lang", data);
      /* POTENTIAL FLAW: Input not verified before inclusion in the cookie */
      /* Safe on this path only because data is a constant; the sink itself encodes nothing. */
      response.addCookie(cookieSink);
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */

      Cookie cookieSink = new Cookie("lang", URLEncoder.encode(data, "UTF-16"));
      /* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
      response.addCookie(cookieSink);
    }
  }