public override void Bad(HttpRequest req, HttpResponse resp)
{
data = ""; /* initialize data in case there are no cookies */
/* Read data from cookies */
{
HttpCookieCollection cookieSources = req.Cookies;
if (cookieSources != null)
{
/* POTENTIAL FLAW: Read data from the first cookie value */
data = cookieSources[0].Value;
}
}
CWE90_LDAP_Injection__Get_Cookies_Web_68b.BadSink(req, resp);
}
/* goodG2B() - use goodsource and badsink */
private static void GoodG2B(HttpRequest req, HttpResponse resp)
{
/* FIX: Use a hardcoded string */
data = "foo";
CWE90_LDAP_Injection__Get_Cookies_Web_68b.GoodG2BSink(req, resp);
}
