/* goodG2B() - use goodsource and badsink */ private static void GoodG2B(HttpRequest req, HttpResponse resp) { string data; /* FIX: Use a hardcoded user ID */ data = "10"; /* serialize data to a byte array */ byte[] dataSerialized = null; try { BinaryFormatter bf = new BinaryFormatter(); using (var ms = new MemoryStream()) { bf.Serialize(ms, data); dataSerialized = ms.ToArray(); } CWE566_Authorization_Bypass_Through_SQL_Primary__Web_75b.GoodG2BSink(dataSerialized, req, resp); } catch (SerializationException exceptSerialize) { IO.Logger.Log(NLog.LogLevel.Warn, "Serialization exception in serialization", exceptSerialize); } }
public override void Bad(HttpRequest req, HttpResponse resp) { string data; /* FLAW: Get the user ID from a URL parameter */ data = req.Params.Get("id"); /* serialize data to a byte array */ byte[] dataSerialized = null; try { BinaryFormatter bf = new BinaryFormatter(); using (var ms = new MemoryStream()) { bf.Serialize(ms, data); dataSerialized = ms.ToArray(); } CWE566_Authorization_Bypass_Through_SQL_Primary__Web_75b.BadSink(dataSerialized, req, resp); } catch (SerializationException exceptSerialize) { IO.Logger.Log(NLog.LogLevel.Warn, "Serialization exception in serialization", exceptSerialize); } }