public override void Bad(HttpRequest req, HttpResponse resp) { string data = CWE113_HTTP_Response_Splitting__Web_File_addCookie_61b.BadSource(req, resp); if (data != null) { HttpCookie cookieSink = new HttpCookie("lang", data); /* POTENTIAL FLAW: Input not verified before inclusion in the cookie */ resp.AppendCookie(cookieSink); } }