/* goodG2B() - use goodsource and badsink */ private static void GoodG2B(HttpRequest req, HttpResponse resp) { string data; /* FIX: Use a hardcoded user ID */ data = "10"; Dictionary <int, string> dataDictionary = new Dictionary <int, string>(); dataDictionary.Add(0, data); dataDictionary.Add(1, data); dataDictionary.Add(2, data); CWE566_Authorization_Bypass_Through_SQL_Primary__Web_74b.GoodG2BSink(dataDictionary, req, resp); }
public override void Bad(HttpRequest req, HttpResponse resp) { string data; /* FLAW: Get the user ID from a URL parameter */ data = req.Params.Get("id"); Dictionary <int, string> dataDictionary = new Dictionary <int, string>(); dataDictionary.Add(0, data); dataDictionary.Add(1, data); dataDictionary.Add(2, data); CWE566_Authorization_Bypass_Through_SQL_Primary__Web_74b.BadSink(dataDictionary, req, resp); }