/* goodB2G() - use badsource and goodsink by changing the second "if" so that
both branches use the GoodSink */
private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
if (IO.static_returns_t_or_f()) {
Logger log_bad = Logger.getLogger("local-logger");
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
data = cookieSources[0].getValue();
} else {
data = null;
}
} else {
Logger log_bad = Logger.getLogger("local-logger");
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
data = cookieSources[0].getValue();
} else {
data = null;
}
}
if (IO.static_returns_t_or_f()) {
/* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
data = URLEncoder.encode(data, "UTF-16");
response.addHeader("Location", "/author.jsp?lang=" + data);
} else {
/* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
data = URLEncoder.encode(data, "UTF-16");
response.addHeader("Location", "/author.jsp?lang=" + data);
}
}
/* goodG2B2() - use goodsource and badsink by reversing statements in if */
private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
if (IO.static_t) {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log_bad = Logger.getLogger("local-logger");
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
data = cookieSources[0].getValue();
} else {
data = null;
}
}
if (data != null) {
/* POTENTIAL FLAW: script code (e.g. id=<script>alert('xss')</script>) is sent to the client; The built-in J2EE server automatically does some HTML entity encoding. Therefore, to test this, change response.sendError to response.getWriter().println and remove the 404,
*/
response.sendError(404, "<br>bad() - Parameter name has value " + data);
}
}
/* goodG2B1() - use goodsource and badsink by changing first 5==5 to 5!=5 */
private void goodG2B1(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
/* INCIDENTAL: CWE 570 Statement is Always False */
if (5 != 5) {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log_bad = Logger.getLogger("local-logger");
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
data = cookieSources[0].getValue();
} else {
data = null;
}
} else {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
}
/* INCIDENTAL: CWE 571 Statement is Always True */
if (5 == 5) {
Cookie cookieSink = new Cookie("lang", data);
/* POTENTIAL FLAW: Input not verified before inclusion in the cookie */
response.addCookie(cookieSink);
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Cookie cookieSink = new Cookie("lang", URLEncoder.encode(data, "UTF-16"));
/* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
response.addCookie(cookieSink);
}
}
/* goodB2G() - use badsource and goodsink */
private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
int data;
data = Integer.MIN_VALUE; /* initialize data in case there are no cookies */
/* Read data from cookies */
{
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
/* POTENTIAL FLAW: Read data from the first cookie value */
String stringNumber = cookieSources[0].getValue();
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception reading data from cookie",
exceptNumberFormat);
}
}
}
(new CWE129_Improper_Validation_of_Array_Index__getCookies_Servlet_array_write_no_check_53b())
.goodB2GSink(data, request, response);
}
/* uses badsource and badsink */
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
int dataCopy;
{
int data;
data = Integer.MIN_VALUE; /* initialize data in case there are no cookies */
/* Read data from cookies */
{
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
/* POTENTIAL FLAW: Read data from the first cookie value */
String stringNumber = cookieSources[0].getValue();
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception reading data from cookie",
exceptNumberFormat);
}
}
}
dataCopy = data;
}
{
int data = dataCopy;
/* POTENTIAL FLAW: Create a HashSet using data as the initial size. data may be very large, creating memory issues */
HashSet intHashSet = new HashSet(data);
}
}
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
Logger log_bad = Logger.getLogger("local-logger");
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
data = cookieSources[0].getValue();
} else {
data = null;
}
{
try {
int iConversion = Integer.valueOf(data);
} catch (Exception e) {
e.printStackTrace(); /* POTENTIAL FLAW: Print stack trace on error */
}
}
if (true) return; /* INCIDENTAL: CWE 571 Expression is Always True.
We need the "if(true)" because the Java Language Spec requires that
unreachable code generate a compiler error */
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
{
try {
int iConversion = Integer.valueOf(data);
} catch (Exception e) {
IO.writeLine("There was an error parsing the string"); /* FIX: print a generic message */
}
}
}
/* goodG2B2() - use goodsource and badsink by reversing statements in if */
private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
if (IO.static_final_t) {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log_bad = Logger.getLogger("local-logger");
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
data = cookieSources[0].getValue();
} else {
data = null;
}
}
String root = "C:\\uploads\\";
/* POTENTIAL FLAW: no validation of concatenated value */
File fIn = new File(root + data);
if (fIn.exists() && fIn.isFile()) {
IO.writeLine(new BufferedReader(new FileReader(fIn)).readLine());
}
}
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
int data_copy;
{
int data;
Logger log_bad = Logger.getLogger("local-logger");
/* init Data$ */
data = -1;
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
String s_data = cookieSources[0].getValue();
data = Integer.parseInt(s_data.trim());
}
data_copy = data;
}
{
int data = data_copy;
/* POTENTIAL FLAW: Zero modulus will cause an issue. An integer division will
result in an exception. */
IO.writeLine("100%" + String.valueOf(data) + " = " + (100 % data) + "\n");
}
}
/* goodB2G() - use badsource and goodsink */
private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
int data_copy;
{
int data;
Logger log_bad = Logger.getLogger("local-logger");
/* init Data$ */
data = -1;
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
String s_data = cookieSources[0].getValue();
data = Integer.parseInt(s_data.trim());
}
data_copy = data;
}
{
int data = data_copy;
/* FIX: test for a zero modulus */
if (data != 0) {
IO.writeLine("100%" + String.valueOf(data) + " = " + (100 % data) + "\n");
} else {
IO.writeLine("This would result in a modulo by zero");
}
}
}
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
if (IO.static_returns_t_or_f()) {
Logger log_bad = Logger.getLogger("local-logger");
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
data = cookieSources[0].getValue();
} else {
data = null;
}
} else {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
}
if (IO.static_returns_t_or_f()) {
/* POTENTIAL FLAW: Input from file not verified */
response.addHeader("Location", "/author.jsp?lang=" + data);
} else {
/* FIX: use URLEncoder.encode to hex-encode non-alphanumerics */
data = URLEncoder.encode(data, "UTF-16");
response.addHeader("Location", "/author.jsp?lang=" + data);
}
}
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
int count;
if (PRIVATE_STATIC_FINAL_TRUE) {
count = Integer.MIN_VALUE; /* initialize count in case there are no cookies */
/* Read count from cookies */
{
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
/* POTENTIAL FLAW: Read count from the first cookie value */
String stringNumber = cookieSources[0].getValue();
try {
count = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception reading count from cookie",
exceptNumberFormat);
}
}
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure count is inititialized before the Sink to avoid compiler errors */
count = 0;
}
if (PRIVATE_STATIC_FINAL_TRUE) {
int i = 0;
/* POTENTIAL FLAW: For loop using count as the loop variant and no validation */
for (i = 0; i < count; i++) {
IO.writeLine("Hello");
}
}
}
/* goodG2B() - use goodsource and badsink by moving BadSource and BadSink to after return */
private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
{
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded string */
data = "foo";
if (data != null) {
/* This prevents \r\n (and other chars) and should prevent incidentals such
* as HTTP Response Splitting and HTTP Header Injection.
*/
URI u;
try {
u = new URI(data);
} catch (URISyntaxException e) {
response.getWriter().write("Invalid redirect URL");
return;
}
/* POTENTIAL FLAW: redirect is sent verbatim; escape the string to prevent ancillary issues like XSS, Response splitting etc */
response.sendRedirect(data);
return;
}
}
if (true) return; /* INCIDENTAL: CWE 571 Expression is Always True.
We need the "if(true)" because the Java Language Spec requires that
unreachable code generate a compiler error */
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
{
Logger log_bad = Logger.getLogger("local-logger");
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
data = cookieSources[0].getValue();
} else {
data = null;
}
if (data != null) {
/* This prevents \r\n (and other chars) and should prevent incidentals such
* as HTTP Response Splitting and HTTP Header Injection.
*/
URI u;
try {
u = new URI(data);
} catch (URISyntaxException e) {
response.getWriter().write("Invalid redirect URL");
return;
}
/* POTENTIAL FLAW: redirect is sent verbatim; escape the string to prevent ancillary issues like XSS, Response splitting etc */
response.sendRedirect(data);
return;
}
}
}
/* goodB2G() - use BadSource and GoodSink */
private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
int count;
count = Integer.MIN_VALUE; /* initialize count in case there are no cookies */
/* Read count from cookies */
{
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
/* POTENTIAL FLAW: Read count from the first cookie value */
String stringNumber = cookieSources[0].getValue();
try {
count = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception reading count from cookie",
exceptNumberFormat);
}
}
}
/* serialize count to a byte array */
ByteArrayOutputStream streamByteArrayOutput = null;
ObjectOutput outputObject = null;
try {
streamByteArrayOutput = new ByteArrayOutputStream();
outputObject = new ObjectOutputStream(streamByteArrayOutput);
outputObject.writeObject(count);
byte[] countSerialized = streamByteArrayOutput.toByteArray();
(new CWE400_Resource_Exhaustion__getCookies_Servlet_write_75b())
.goodB2GSink(countSerialized, request, response);
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "IOException in serialization", exceptIO);
} finally {
/* clean up stream writing objects */
try {
if (outputObject != null) {
outputObject.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing ObjectOutputStream", exceptIO);
}
try {
if (streamByteArrayOutput != null) {
streamByteArrayOutput.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing ByteArrayOutputStream", exceptIO);
}
}
}
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
int data;
data = Integer.MIN_VALUE; /* initialize data in case there are no cookies */
/* Read data from cookies */
{
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
/* POTENTIAL FLAW: Read data from the first cookie value */
String stringNumber = cookieSources[0].getValue();
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception reading data from cookie",
exceptNumberFormat);
}
}
}
/* serialize data to a byte array */
ByteArrayOutputStream streamByteArrayOutput = null;
ObjectOutput outputObject = null;
try {
streamByteArrayOutput = new ByteArrayOutputStream();
outputObject = new ObjectOutputStream(streamByteArrayOutput);
outputObject.writeObject(data);
byte[] dataSerialized = streamByteArrayOutput.toByteArray();
(new CWE129_Improper_Validation_of_Array_Index__getCookies_Servlet_array_size_75b())
.badSink(dataSerialized, request, response);
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "IOException in serialization", exceptIO);
} finally {
/* clean up stream writing objects */
try {
if (outputObject != null) {
outputObject.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing ObjectOutputStream", exceptIO);
}
try {
if (streamByteArrayOutput != null) {
streamByteArrayOutput.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing ByteArrayOutputStream", exceptIO);
}
}
}
/* goodB2G() - use badsource and goodsink */
private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
Logger log_bad = Logger.getLogger("local-logger");
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
data = cookieSources[0].getValue();
} else {
data = null;
}
goodB2G_sink(data, request, response);
}
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
data = ""; /* initialize data in case there are no cookies */
/* Read data from cookies */
{
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
/* POTENTIAL FLAW: Read data from the first cookie value */
data = cookieSources[0].getValue();
}
}
(new CWE89_SQL_Injection__getCookies_Servlet_executeUpdate_68b()).badSink(request, response);
}
/* goodG2B2() - use goodsource and badsink by reversing statements in first if */
private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
if (IO.static_five == 5) {
data = "5";
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log_bad = Logger.getLogger("local-logger");
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
data = cookieSources[0].getValue();
} else {
data = null;
}
}
if (IO.static_five == 5) {
int loopNum;
try {
loopNum = Integer.parseInt(data);
} catch (NumberFormatException nfe) {
IO.writeLine("Invalid response. Numeric input expected. Assuming 1.");
loopNum = 1;
}
for (int i = 0; i < loopNum; i++) {
/* POTENTIAL FLAW: user supplied input used for loop counter test */
IO.writeLine("hello world");
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
int loopNum;
try {
loopNum = Integer.parseInt(data);
} catch (NumberFormatException nfe) {
IO.writeLine("Invalid response. Numeric input expected. Assuming 1.");
loopNum = 1;
}
/* FIX: loop number thresholds validated */
if (loopNum >= 0 && loopNum <= 5) {
for (int i = 0; i < loopNum; i++) {
IO.writeLine("hello world");
}
}
}
}
/* goodG2B2() - use goodsource and badsink by reversing statements in first if */
private void goodG2B2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
int data;
/* INCIDENTAL: CWE 571 Statement is Always True */
if (IO.static_final_t) {
java.util.logging.Logger log_good = java.util.logging.Logger.getLogger("local-logger");
/* FIX: Use a hardcoded number that won't cause underflow, overflow,
divide by zero, or loss-of-precision issues */
data = 2;
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
Logger log_bad = Logger.getLogger("local-logger");
/* init Data$ */
data = -1;
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
String s_data = cookieSources[0].getValue();
data = Integer.parseInt(s_data.trim());
}
}
/* INCIDENTAL: CWE 571 Statement is Always True */
if (IO.static_final_t) {
int valueToMult = (new SecureRandom()).nextInt(98) + 2; /* multiply by at least 2 */
if (data > 0) /* ensure we don't have an underflow */ {
/* POTENTIAL FLAW: if (data*valueToMult) > MAX_VALUE, this will overflow */
int result = (data * valueToMult);
IO.writeLine("result: " + result);
}
} else {
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
int valueToMult = (new SecureRandom()).nextInt(98) + 2; /* multiply by at least 2 */
if (data > 0) /* ensure we don't have an underflow */ {
int result = 0;
/* FIX: Add a check to prevent an overflow from occurring */
if (data <= (Integer.MAX_VALUE / valueToMult)) {
result = (data * valueToMult);
IO.writeLine("result: " + result);
} else {
IO.writeLine("Input value is too large to perform multiplication.");
}
}
}
}
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
data = ""; /* initialize data in case there are no cookies */
/* Read data from cookies */
{
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
/* POTENTIAL FLAW: Read data from the first cookie value */
data = cookieSources[0].getValue();
}
}
(new CWE470_Unsafe_Reflection__getCookies_Servlet_53b()).badSink(data, request, response);
}
public String bad_source(HttpServletRequest request, HttpServletResponse response)
throws Throwable {
String data;
Logger log_bad = Logger.getLogger("local-logger");
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
data = cookieSources[0].getValue();
} else {
data = null;
}
return data;
}
/* goodB2G() - use badsource and goodsink */
private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
Logger log_bad = Logger.getLogger("local-logger");
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
data = cookieSources[0].getValue();
} else {
data = null;
}
(new CWE113_HTTP_Response_Splitting__getCookiesServlet_addHeaderServlet_52b())
.goodB2G_sink(data, request, response);
}
/* goodB2G() - use badsource and goodsink */
private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
Logger log_bad = Logger.getLogger("local-logger");
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
data = cookieSources[0].getValue();
} else {
data = null;
}
(new CWE352_Cross_Site_Request_Forgery__getCookiesServlet_71b())
.goodB2G_sink((Object) data, request, response);
}
/* goodB2G() - use badsource and goodsink */
private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
data = ""; /* initialize data in case there are no cookies */
/* Read data from cookies */
{
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
/* POTENTIAL FLAW: Read data from the first cookie value */
data = cookieSources[0].getValue();
}
}
(new CWE113_HTTP_Response_Splitting__getCookies_Servlet_addCookieServlet_51b())
.goodB2GSink(data, request, response);
}
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
data = ""; /* initialize data in case there are no cookies */
/* Read data from cookies */
{
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
/* POTENTIAL FLAW: Read data from the first cookie value */
data = cookieSources[0].getValue();
}
}
/* serialize data to a byte array */
ByteArrayOutputStream streamByteArrayOutput = null;
ObjectOutput outputObject = null;
try {
streamByteArrayOutput = new ByteArrayOutputStream();
outputObject = new ObjectOutputStream(streamByteArrayOutput);
outputObject.writeObject(data);
byte[] dataSerialized = streamByteArrayOutput.toByteArray();
(new CWE90_LDAP_Injection__getCookies_Servlet_75b())
.badSink(dataSerialized, request, response);
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "IOException in serialization", exceptIO);
} finally {
/* clean up stream writing objects */
try {
if (outputObject != null) {
outputObject.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing ObjectOutputStream", exceptIO);
}
try {
if (streamByteArrayOutput != null) {
streamByteArrayOutput.close();
}
} catch (IOException exceptIO) {
IO.logger.log(Level.WARNING, "Error closing ByteArrayOutputStream", exceptIO);
}
}
}
public String badSource(HttpServletRequest request, HttpServletResponse response)
throws Throwable {
String data;
data = ""; /* initialize data in case there are no cookies */
/* Read data from cookies */
{
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
/* POTENTIAL FLAW: Read data from the first cookie value */
data = cookieSources[0].getValue();
}
}
return data;
}
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
int data;
Logger log_bad = Logger.getLogger("local-logger");
/* init Data$ */
data = -1;
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
String s_data = cookieSources[0].getValue();
data = Integer.parseInt(s_data.trim());
}
(new CWE369_Divide_By_Zero__getCookiesServlet_divide_54b()).bad_sink(data, request, response);
}
/* goodB2G2() - use badsource and goodsink by reversing the blocks in the second switch */
private void goodB2G2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
int data;
switch (6) {
case 6:
data = Integer.MIN_VALUE; /* initialize data in case there are no cookies */
/* Read data from cookies */
{
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
/* POTENTIAL FLAW: Read data from the first cookie value */
String stringNumber = cookieSources[0].getValue();
try {
data = Integer.parseInt(stringNumber.trim());
} catch (NumberFormatException exceptNumberFormat) {
IO.logger.log(
Level.WARNING,
"Number format exception reading data from cookie",
exceptNumberFormat);
}
}
}
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run
* but ensure data is inititialized before the Sink to avoid compiler errors */
data = 0;
break;
}
switch (7) {
case 7:
/* FIX: Add a check to prevent an overflow from occurring */
if (data < Integer.MAX_VALUE) {
int result = (int) (data + 1);
IO.writeLine("result: " + result);
} else {
IO.writeLine("data value is too large to perform addition.");
}
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
IO.writeLine("Benign, fixed string");
break;
}
}
/* goodB2G2() - use badsource and goodsink by reversing the blocks in the if in the sink function */
private void goodB2G2(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data = null;
data = ""; /* initialize data in case there are no cookies */
/* Read data from cookies */
{
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
/* POTENTIAL FLAW: Read data from the first cookie value */
data = cookieSources[0].getValue();
}
}
goodB2G2PublicStatic = true;
(new CWE89_SQL_Injection__getCookies_Servlet_executeUpdate_22b())
.goodB2G2Sink(data, request, response);
}
public void bad(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String data;
data = ""; /* initialize data in case there are no cookies */
/* Read data from cookies */
{
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
/* POTENTIAL FLAW: Read data from the first cookie value */
data = cookieSources[0].getValue();
}
}
CWE81_XSS_Error_Message__Servlet_getCookies_Servlet_81_base baseObject =
new CWE81_XSS_Error_Message__Servlet_getCookies_Servlet_81_bad();
baseObject.action(data, request, response);
}
/* goodB2G() - use badsource and goodsink */
private int goodB2G_source(HttpServletRequest request, HttpServletResponse response)
throws Throwable {
int data;
Logger log_bad = Logger.getLogger("local-logger");
/* init Data$ */
data = -1;
/* read parameter from cookie */
Cookie cookieSources[] = request.getCookies();
if (cookieSources != null) {
String s_data = cookieSources[0].getValue();
data = Integer.parseInt(s_data.trim());
}
return data;
}
