public override void Bad()
{
count = int.MinValue; /* Initialize count */
/* Read count from a database */
{
try
{
/* setup the connection */
using (SqlConnection connection = IO.GetDBConnection())
{
connection.Open();
/* prepare and execute a (hardcoded) query */
using (SqlCommand command = new SqlCommand(null, connection))
{
command.CommandText = "select name from users where id=0";
command.Prepare();
using (SqlDataReader dr = command.ExecuteReader())
{
/* POTENTIAL FLAW: Read count from a database query SqlDataReader */
string stringNumber = dr.GetString(1);
if (stringNumber != null) /* avoid NPD incidental warnings */
{
try
{
count = int.Parse(stringNumber.Trim());
}
catch (FormatException exceptNumberFormat)
{
IO.Logger.Log(NLog.LogLevel.Warn, exceptNumberFormat, "Number format exception parsing count from string");
}
}
}
}
}
}
catch (SqlException exceptSql)
{
IO.Logger.Log(NLog.LogLevel.Warn, exceptSql, "Error with SQL statement");
}
}
CWE400_Uncontrolled_Resource_Consumption__Database_for_loop_68b.BadSink();
}
