/* goodB2G() - use BadSource and GoodSink */
/*
 * Bad-source / good-sink variant of the CWE-319 flow.
 * The password is read as one line from an outbound TCP connection whose
 * stream is used directly, with no TLS wrapper visible here, so the value
 * crosses the network in cleartext. It is then stored under keys 0, 1 and 2
 * of a dictionary and handed to GoodB2GSink in the companion _74b class.
 * NOTE(review): the sink is not visible here; presumably it treats the value
 * as protected data before using it - confirm against the _74b file.
 */
private static void GoodB2G()
{
    /* init password; this empty value is what reaches the sink if the read fails with an IOException */
    string password = "";

    /* Read data using an outbound tcp connection */
    try
    {
        /* Both resources are disposed on exit, reader first and then the connection */
        using (TcpClient connection = new TcpClient("host.example.org", 39544))
        using (StreamReader reader = new StreamReader(connection.GetStream()))
        {
            /* POTENTIAL FLAW: Read password using an outbound tcp connection */
            /* ReadLine returns null at end of stream, so password may be null from here on */
            password = reader.ReadLine();
        }
    }
    catch (IOException ioError)
    {
        /* Only IOException is handled; a connect failure raised by the TcpClient constructor (SocketException) propagates to the caller */
        IO.Logger.Log(NLog.LogLevel.Warn, "Error with stream reading", ioError);
    }

    /* The same value is stored under three keys; the sink receives the whole dictionary */
    Dictionary<int, string> passwordsByIndex = new Dictionary<int, string>
    {
        { 0, password },
        { 1, password },
        { 2, password }
    };

    CWE319_Cleartext_Tx_Sensitive_Info__connect_tcp_SqlConnection_74b.GoodB2GSink(passwordsByIndex);
}
/* goodG2B() - use GoodSource and BadSink */
/*
 * Good-source / bad-sink variant of the CWE-319 flow.
 * The password never crosses the network: it is a literal in the source,
 * which removes the cleartext-transmission source and introduces the
 * incidental CWE-259 marked below. The value is stored under keys 0, 1 and 2
 * of a dictionary and handed to GoodG2BSink in the companion _74b class.
 * NOTE(review): the sink is not visible here; per the header it is the
 * unprotected ("bad") sink - confirm against the _74b file.
 */
private static void GoodG2B()
{
    /* FIX: Use a hardcoded password as the password (it was not sent over the network) */
    /* INCIDENTAL FLAW: CWE-259 Hard Coded Password */
    string password = "******";

    /* The same value is stored under three keys; the sink receives the whole dictionary */
    Dictionary<int, string> passwordsByIndex = new Dictionary<int, string>
    {
        { 0, password },
        { 1, password },
        { 2, password }
    };

    CWE319_Cleartext_Tx_Sensitive_Info__connect_tcp_SqlConnection_74b.GoodG2BSink(passwordsByIndex);
}