/* goodG2B() - use goodsource and badsink */
/*
 * Sink half of the "good source, bad sink" variant of the CWE-606
 * (unchecked loop condition) test case.
 *
 * Reads the iteration count from dataContainer.containerOne, parses it as an
 * int and prints "hello world" that many times. The parsed value is used as
 * the loop bound WITHOUT any range check, so this method is only safe because
 * of what the caller puts into the container. Nothing in this method enforces
 * that; per the method naming the caller is expected to supply a trusted
 * value (NOTE(review): confirm against the 67a source method).
 *
 * Only FormatException is handled around int.Parse; any other exception it
 * raises propagates to the caller.
 */
public static void GoodG2BSink(CWE606_Unchecked_Loop_Condition__File_67a.Container dataContainer)
{
    const string fallbackNotice = "Invalid response. Numeric input expected. Assuming 1.";

    string rawCount = dataContainer.containerOne;
    int iterations;

    try
    {
        iterations = int.Parse(rawCount);
    }
    catch (FormatException parseError)
    {
        /* Non-numeric text: report it on the console and in the log, then fall back to one pass. */
        IO.WriteLine(fallbackNotice);
        IO.Logger.Log(NLog.LogLevel.Warn, parseError, fallbackNotice);
        iterations = 1;
    }

    /* POTENTIAL FLAW: user supplied input used for loop counter test */
    /* Zero or negative counts produce no output; positive counts are not capped. */
    for (int remaining = iterations; remaining > 0; remaining--)
    {
        IO.WriteLine("hello world");
    }
}
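/* goodB2G() - use badsource and goodsink */
/*
 * Sink half of the "bad source, good sink" variant of the CWE-606
 * (unchecked loop condition) test case.
 *
 * Reads the iteration count from dataContainer.containerOne, parses it as an
 * int, and prints "hello world" that many times only when the count lies in
 * the inclusive range 0..5. Counts outside that range produce no output.
 *
 * Per the method naming the value comes from the untrusted source, so every
 * parse failure has to end in the safe default rather than an unhandled
 * exception. int.Parse throws OverflowException for a numeric string that
 * does not fit in an int and ArgumentNullException for a null string; both
 * are now handled the same way as FormatException (log, assume 1) so that
 * hostile or truncated input cannot terminate the caller.
 */
public static void GoodB2GSink(CWE606_Unchecked_Loop_Condition__File_67a.Container dataContainer)
{
    const string invalidInputMessage = "Invalid response. Numeric input expected. Assuming 1.";

    string data = dataContainer.containerOne;
    int numberOfLoops;

    try
    {
        numberOfLoops = int.Parse(data);
    }
    catch (Exception exceptParse) when (exceptParse is FormatException
                                        || exceptParse is OverflowException
                                        || exceptParse is ArgumentNullException)
    {
        /* Unusable input of any kind: report it and fall back to a single pass. */
        IO.WriteLine(invalidInputMessage);
        IO.Logger.Log(NLog.LogLevel.Warn, exceptParse, invalidInputMessage);
        numberOfLoops = 1;
    }

    /* FIX: loop number thresholds validated */
    /* The upper bound is what keeps untrusted input from driving an arbitrarily long loop. */
    if (numberOfLoops >= 0 && numberOfLoops <= 5)
    {
        for (int i = 0; i < numberOfLoops; i++)
        {
            IO.WriteLine("hello world");
        }
    }
}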