C# (CSharp) testcases.CWE315_Cleartext_Storage_in_Cookie CWE315_Cleartext_Storage_in_Cookie__Web_68b Examples

Programming Language: C# (CSharp)

Namespace/Package Name: testcases.CWE315_Cleartext_Storage_in_Cookie

Class/Type: CWE315_Cleartext_Storage_in_Cookie__Web_68b

Examples at hotexamples.com: 2

C# (CSharp) testcases.CWE315_Cleartext_Storage_in_Cookie CWE315_Cleartext_Storage_in_Cookie__Web_68b - 2 examples found. These are the top rated real world C# (CSharp) examples of testcases.CWE315_Cleartext_Storage_in_Cookie.CWE315_Cleartext_Storage_in_Cookie__Web_68b extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

BadSink(1)

GoodB2GSink(1)

GoodG2BSink(1)

Example #1

Show file

File: CWE315_Cleartext_Storage_in_Cookie__Web_68a.cs Project: Anzsley/Juliet_Test_Suite_v1.3_for_C_Sharp

 /* goodG2B() - use goodsource and badsink */
 private static void GoodG2B(HttpRequest req, HttpResponse resp)
 {
     using (SecureString securePwd = new SecureString())
     {
         using (SecureString secureUser = new SecureString())
         {
             for (int i = 0; i < "AP@ssw0rd".Length; i++)
             {
                 /* INCIDENTAL: CWE-798 Use of Hard-coded Credentials */
                 securePwd.AppendChar("AP@ssw0rd"[i]);
             }
             for (int i = 0; i < "user".Length; i++)
             {
                 /* INCIDENTAL: CWE-798 Use of Hard-coded Credentials */
                 securePwd.AppendChar("user"[i]);
             }
             /* FIX: Set data to a hash of credentials */
             {
                 string salt = "ThisIsMySalt";
                 using (SHA512CryptoServiceProvider sha512 = new SHA512CryptoServiceProvider())
                 {
                     string credentialsToHash  = secureUser.ToString() + ":" + securePwd.ToString();
                     byte[] buffer             = Encoding.UTF8.GetBytes(string.Concat(salt, credentialsToHash));
                     byte[] hashedCredsAsBytes = sha512.ComputeHash(buffer);
                     data = IO.ToHex(hashedCredsAsBytes);
                 }
             }
         }
     }
     CWE315_Cleartext_Storage_in_Cookie__Web_68b.GoodG2BSink(req, resp);
 }

Example #2

Show file

File: CWE315_Cleartext_Storage_in_Cookie__Web_68a.cs Project: Anzsley/Juliet_Test_Suite_v1.3_for_C_Sharp

 /* goodB2G() - use badsource and goodsink */
 private static void GoodB2G(HttpRequest req, HttpResponse resp)
 {
     using (SecureString securePwd = new SecureString())
     {
         using (SecureString secureUser = new SecureString())
         {
             for (int i = 0; i < "AP@ssw0rd".Length; i++)
             {
                 /* INCIDENTAL: CWE-798 Use of Hard-coded Credentials */
                 securePwd.AppendChar("AP@ssw0rd"[i]);
             }
             for (int i = 0; i < "user".Length; i++)
             {
                 /* INCIDENTAL: CWE-798 Use of Hard-coded Credentials */
                 securePwd.AppendChar("user"[i]);
             }
             /* POTENTIAL FLAW: Set data to credentials (without hashing or encryption) */
             data = secureUser.ToString() + ":" + securePwd.ToString();
         }
     }
     CWE315_Cleartext_Storage_in_Cookie__Web_68b.GoodB2GSink(req, resp);
 }