Example #1
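 /// <summary>
 /// Flawed source for the CWE-197 flow: accepts one TCP connection, reads a single
 /// line from it, parses the line as an <c>int</c>, stores the result in the
 /// class-level <c>data</c> member and then calls <c>BadSink</c> in the 68b class.
 /// </summary>
 /// <remarks>
 /// The value stored in <c>data</c> is fully controlled by whoever connects first:
 /// the listener does no peer authentication and no range check, so any value in
 /// the whole <c>int</c> range can reach the sink. The sink is not visible here;
 /// judging by the test-case name it narrows the value to <c>short</c> (confirm in
 /// the 68b file). Any narrowing of this value needs an explicit range check first.
 /// If nothing usable is received, <c>data</c> keeps <c>int.MinValue</c>.
 /// Only <see cref="IOException"/> is handled around the listener, so a
 /// <see cref="SocketException"/> from <c>Start</c> or <c>AcceptTcpClient</c>
 /// propagates to the caller.
 /// </remarks>
 public override void Bad()
 {
     data = int.MinValue; /* Fallback value when nothing usable is received */
     TcpListener listener = null;
     try
     {
         /* Hard-coded bind address and port; the first peer to connect supplies the input */
         listener = new TcpListener(IPAddress.Parse("10.10.1.10"), 39543);
         listener.Start();
         using (TcpClient tcpConn = listener.AcceptTcpClient())
         using (StreamReader sr = new StreamReader(tcpConn.GetStream()))
         {
             /* POTENTIAL FLAW: Read data using a listening tcp connection */
             /* NOTE(review): ReadLine() places no upper bound on the line length it buffers */
             string stringNumber = sr.ReadLine();
             if (stringNumber != null) // avoid NPD incidental warnings
             {
                 try
                 {
                     data = int.Parse(stringNumber.Trim());
                 }
                 catch (FormatException exceptNumberFormat)
                 {
                     IO.Logger.Log(NLog.LogLevel.Warn, exceptNumberFormat, "Number format exception parsing data from string");
                 }
                 catch (OverflowException exceptNumberRange)
                 {
                     /* int.Parse throws OverflowException (not FormatException) for digits outside
                      * the int range; without this handler a remote peer could terminate the
                      * method with an unhandled exception by sending an oversized number. */
                     IO.Logger.Log(NLog.LogLevel.Warn, exceptNumberRange, "Number out of range parsing data from string");
                 }
             }
         }
     }
     catch (IOException exceptIO)
     {
         IO.Logger.Log(NLog.LogLevel.Warn, exceptIO, "Error with stream reading");
     }
     finally
     {
         /* Always release the listening socket, even when reading failed */
         try
         {
             if (listener != null)
             {
                 listener.Stop();
             }
         }
         catch (SocketException se)
         {
             IO.Logger.Log(NLog.LogLevel.Warn, se, "Error closing TcpListener");
         }
     }
     /* Hand the untrusted value to the sink; this method does no range validation before the call */
     CWE197_Numeric_Truncation_Error__int_Listen_tcp_to_short_68b.BadSink();
 }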
Example #2
 /* goodG2B() - use goodsource and badsink */
 /// <summary>
 /// Good-source / bad-sink variant: stores a fixed, trusted constant in the
 /// class-level <c>data</c> member and then calls <c>GoodG2BSink</c> in the 68b class.
 /// </summary>
 /// <remarks>
 /// No external input is read here, so the value handed to the sink is not
 /// attacker-influenced. The sink is not visible in this file; presumably it
 /// performs the same narrowing as the bad sink, which is harmless for a value
 /// this small (confirm in the 68b file).
 /// </remarks>
 private static void GoodG2B()
 {
     /* FIX: a hardcoded number that cannot underflow, overflow, divide by zero, or lose precision */
     const int safeValue = 2;
     data = safeValue;

     CWE197_Numeric_Truncation_Error__int_Listen_tcp_to_short_68b.GoodG2BSink();
 }