/* goodB2G() - use BadSource and GoodSink */
private static void GoodB2G(HttpRequest req, HttpResponse resp)
{
string data;
using (SecureString securePwd = new SecureString())
{
using (SecureString secureUser = new SecureString())
{
for (int i = 0; i < "AP@ssw0rd".Length; i++)
{
/* INCIDENTAL: CWE-798 Use of Hard-coded Credentials */
securePwd.AppendChar("AP@ssw0rd"[i]);
}
for (int i = 0; i < "user".Length; i++)
{
/* INCIDENTAL: CWE-798 Use of Hard-coded Credentials */
securePwd.AppendChar("user"[i]);
}
/* POTENTIAL FLAW: Set data to credentials (without hashing or encryption) */
data = secureUser.ToString() + ":" + securePwd.ToString();
}
}
Hashtable dataHashtable = new Hashtable(5);
dataHashtable.Add(0, data);
dataHashtable.Add(1, data);
dataHashtable.Add(2, data);
CWE315_Cleartext_Storage_in_Cookie__Web_72b.GoodB2GSink(dataHashtable, req, resp);
}
