/* goodB2G() - use badsource and goodsink */ private void GoodB2G() { string password; password = ""; /* init password */ /* read input from WebClient */ { try { using (WebClient client = new WebClient()) { using (StreamReader sr = new StreamReader(client.OpenRead("http://www.example.org/"))) { /* POTENTIAL FLAW: Read password from a web server with WebClient */ /* This will be reading the first "line" of the response body, * which could be very long if there are no newlines in the HTML */ password = sr.ReadLine(); } } } catch (IOException exceptIO) { IO.Logger.Log(NLog.LogLevel.Warn, "Error with stream reading", exceptIO); } } CWE319_Cleartext_Tx_Sensitive_Info__NetClient_SqlConnection_52b.GoodB2GSink(password); }
/* goodG2B() - use goodsource and badsink */ private void GoodG2B() { string password; /* FIX: Use a hardcoded password as the password (it was not sent over the network) */ /* INCIDENTAL FLAW: CWE-259 Hard Coded Password */ password = "******"; CWE319_Cleartext_Tx_Sensitive_Info__NetClient_SqlConnection_52b.GoodG2BSink(password); }