/*
 * GoodB2G() - "bad" source paired with the "good" sink (CWE-117 log-neutralization variant).
 *
 * Fetches a string from the 61b helper's GoodB2GSource() and attempts to parse it as an
 * integer. When parsing fails with a FormatException, a warning is logged whose message is
 * built from the exception only; the raw input string is never concatenated into the log
 * message by this method.
 *
 * Only FormatException is handled here; any other exception raised by int.Parse propagates
 * to the caller.
 */
private static void GoodB2G()
{
    /* Presumably untrusted input (the test-case name says "bad source") - confirm in the 61b helper. */
    string input = CWE117_Improper_Output_Neutralization_for_Logs__File_61b.GoodB2GSource();

    try
    {
        /* The parsed number is not used; only the success or failure of the parse matters. */
        int parsed = int.Parse(input);
    }
    catch (FormatException parseError)
    {
        /* FIX: the log message carries the exception text, not the raw input value. */
        /* NOTE(review): this is only as safe as the exception's string form. Confirm that the
         * target runtime's FormatException message does not echo the offending input; if it
         * does, line breaks in the input can still reach the log and the exception text needs
         * the same neutralization (or a logger layout that encodes CR/LF). */
        string message = "Failed to parse value. Exception: " + parseError;
        IO.Logger.Log(NLog.LogLevel.Warn, parseError, message);
    }
}
/*
 * Bad() - deliberately flawed variant of the CWE-117 test case; behaviour is kept as-is.
 *
 * Fetches a string from the 61b helper's BadSource() and attempts to parse it as an integer.
 * When parsing fails with a FormatException, the raw string is appended to the warning
 * message and written to the log without any neutralization.
 *
 * Why this matters: if the string comes from outside the trust boundary, embedded CR/LF or
 * other control characters are written verbatim, so one failed parse can appear in the log
 * as several entries and mislead anyone relying on the log during an investigation.
 * Mitigation is to keep the raw value out of the message (as GoodB2G does) or to encode or
 * strip line breaks and control characters before logging.
 *
 * Only FormatException is handled here; any other exception raised by int.Parse propagates
 * to the caller.
 */
public override void Bad()
{
    /* Presumably untrusted input - confirm in the 61b helper, which is not visible here. */
    string input = CWE117_Improper_Output_Neutralization_for_Logs__File_61b.BadSource();

    try
    {
        /* The parsed number is not used; only the success or failure of the parse matters. */
        int parsed = int.Parse(input);
    }
    catch (FormatException parseError)
    {
        /* POTENTIAL FLAW: the unparsed input is concatenated into the log message unmodified. */
        string message = "Failed to parse value = " + input;
        IO.Logger.Log(NLog.LogLevel.Warn, parseError, message);
    }
}