/* goodB2G() - use BadSource and GoodSink */
private static void GoodB2G()
{
string password;
password = ""; /* init password */
/* read input from WebClient */
{
try
{
using (WebClient client = new WebClient())
{
using (StreamReader sr = new StreamReader(client.OpenRead("http://www.example.org/")))
{
/* POTENTIAL FLAW: Read password from a web server with WebClient */
/* This will be reading the first "line" of the response body,
* which could be very long if there are no newlines in the HTML */
password = sr.ReadLine();
}
}
}
catch (IOException exceptIO)
{
IO.Logger.Log(NLog.LogLevel.Warn, "Error with stream reading", exceptIO);
}
}
Hashtable passwordHashtable = new Hashtable(5);
passwordHashtable.Add(0, password);
passwordHashtable.Add(1, password);
passwordHashtable.Add(2, password);
CWE319_Cleartext_Tx_Sensitive_Info__NetClient_SqlConnection_72b.GoodB2GSink(passwordHashtable);
}
/* goodG2B() - use GoodSource and BadSink */
private static void GoodG2B()
{
string password;
/* FIX: Use a hardcoded password as the password (it was not sent over the network) */
/* INCIDENTAL FLAW: CWE-259 Hard Coded Password */
password = "******";
Hashtable passwordHashtable = new Hashtable(5);
passwordHashtable.Add(0, password);
passwordHashtable.Add(1, password);
passwordHashtable.Add(2, password);
CWE319_Cleartext_Tx_Sensitive_Info__NetClient_SqlConnection_72b.GoodG2BSink(passwordHashtable);
}
