/* goodB2G() - use badsource and goodsink */ private static void GoodB2G() { password = ""; /* init password */ /* Read data using an outbound tcp connection */ { try { /* Read data using an outbound tcp connection */ using (TcpClient tcpConn = new TcpClient("host.example.org", 39544)) { /* read input from socket */ using (StreamReader sr = new StreamReader(tcpConn.GetStream())) { /* POTENTIAL FLAW: Read password using an outbound tcp connection */ password = sr.ReadLine(); } } } catch (IOException exceptIO) { IO.Logger.Log(NLog.LogLevel.Warn, "Error with stream reading", exceptIO); } } CWE319_Cleartext_Tx_Sensitive_Info__connect_tcp_SqlConnection_68b.GoodB2GSink(); }
/* goodG2B() - use goodsource and badsink */ private static void GoodG2B() { /* FIX: Use a hardcoded password as the password (it was not sent over the network) */ /* INCIDENTAL FLAW: CWE-259 Hard Coded Password */ password = "******"; CWE319_Cleartext_Tx_Sensitive_Info__connect_tcp_SqlConnection_68b.GoodG2BSink(); }