/*
 * goodG2B() - use goodsource and badsink
 *
 * Reads the requested array size from dataContainer.containerOne, allocates an
 * int array of that size, then writes to and prints element 0.
 *
 * The sink is deliberately left weak ("badsink"): the size check accepts 0, and
 * the element access below runs whether or not the check passed. Nothing in
 * this method makes the access safe; that depends entirely on the caller
 * placing a positive size in the container.
 * NOTE(review): the source that fills the container is in the _67a file, not
 * shown here - confirm it can only supply a positive value.
 *
 * req and resp are accepted but not used by this method.
 */
public static void GoodG2BSink(CWE129_Improper_Validation_of_Array_Index__Params_Get_Web_array_size_67a.Container dataContainer, HttpRequest req, HttpResponse resp)
{
    int requestedSize = dataContainer.containerOne;
    int[] buffer = null;

    /* POTENTIAL FLAW: Verify that data is non-negative, but still allow it to be 0 */
    if (requestedSize < 0)
    {
        IO.WriteLine("Array size is negative");
    }
    else
    {
        /* A size of 0 yields an empty array, so index 0 below is out of range. */
        buffer = new int[requestedSize];
    }

    /* do something with the array */
    /* Reached on the rejected path as well, where buffer is still null. */
    buffer[0] = 5;
    IO.WriteLine(buffer[0]);
}
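/*
 * goodB2G() - use badsource and goodsink
 *
 * Reads the requested array size from dataContainer.containerOne and, only when
 * it is strictly positive, allocates an int array of that size, writes to
 * element 0 and prints it.
 *
 * A size that fails validation is reported and the method returns. Without the
 * return, the element access would still run on the rejected path with a null
 * array, so the validated sink would fail on exactly the input it rejects.
 *
 * req and resp are accepted but not used by this method.
 */
public static void GoodB2GSink(CWE129_Improper_Validation_of_Array_Index__Params_Get_Web_array_size_67a.Container dataContainer, HttpRequest req, HttpResponse resp)
{
    int data = dataContainer.containerOne;

    /* Need to ensure that the array is of size > 3 and < 101 due to the GoodSource and the large_fixed BadSource */
    /* FIX: Verify that data is non-negative AND greater than 0 */
    if (data <= 0)
    {
        /* The message text is kept as-is; note that it is also printed for a size of 0. */
        IO.WriteLine("Array size is negative");
        return;
    }

    /*
     * NOTE(review): only the lower bound is checked here. The size is
     * attacker-influenced in the "badsource" flow, so a very large value still
     * reaches the allocation; an upper bound belongs with this check if the
     * caller does not already enforce one.
     */
    int[] array = new int[data];

    /* do something with the array */
    array[0] = 5;
    IO.WriteLine(array[0]);
}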