コード例 #1
        /* Bad() - bad source feeding a bad sink. The return value of
         * getStringBuilderBad() may be null and is dereferenced without a check,
         * which is the CWE-690 pattern named in the helper class. The flaw is
         * deliberate: this method is the positive case a null-dereference check
         * is expected to report. */
        public override void Bad()
        {
            StringBuilder data;

            /* privateFive is declared outside this excerpt; the dead-code comment
             * below implies it is expected to equal 5, so this branch is the one taken */
            if (privateFive == 5)
            {
                /* POTENTIAL FLAW: Call getStringBuilderBad(), which may return null */
                data = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBuilderBad();
            }
            else
            {
                /* INCIDENTAL: CWE 561 Dead Code, the code below will never run
                 * but ensures data is initialized before the Sink to avoid compiler errors */
                data = null;
            }
            if (privateFive == 5)
            {
                /* POTENTIAL FLAW: data could be null. ToString() is called on it with no
                 * null test, so a null return from the source raises NullReferenceException here */
                string stringTrimmed = data.ToString().Trim();
                IO.WriteLine(stringTrimmed);
            }
        }
コード例 #2
        /* GoodG2B2() - use goodsource and badsink by reversing statements in first if.
         * The sink still dereferences data without a null check; the method is the
         * "good" variant only because the value comes from getStringBuilderGood().
         * A checker that reports this method is producing a false positive. */
        private void GoodG2B2()
        {
            StringBuilder data;

            /* IO.STATIC_READONLY_TRUE is defined outside this excerpt; presumably a
             * static readonly field holding true, so this branch is taken - confirm */
            if (IO.STATIC_READONLY_TRUE)
            {
                /* FIX: call getStringBuilderGood(), which will never return null */
                data = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBuilderGood();
            }
            else
            {
                /* INCIDENTAL: CWE 561 Dead Code, the code below will never run
                 * but ensures data is initialized before the Sink to avoid compiler errors */
                data = null;
            }
            if (IO.STATIC_READONLY_TRUE)
            {
                /* POTENTIAL FLAW: data could be null. The dereference is unguarded (bad sink);
                 * it is safe on this path only because of the good source selected above */
                string stringTrimmed = data.ToString().Trim();
                IO.WriteLine(stringTrimmed);
            }
        }
コード例 #3
        /* GoodB2G() - use BadSource and GoodSink.
         * The possibly-null value is serialized to a byte array and handed to
         * GoodB2GSink in the companion 75b class. That sink is outside this excerpt;
         * presumably it deserializes the bytes and null-checks before use - confirm. */
        private static void GoodB2G()
        {
            StringBuilder data;

            /* POTENTIAL FLAW: Call getStringBuilderBad(), which may return null */
            data = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBuilderBad();
            /* serialize data to a byte array */
            byte[] dataSerialized = null;
            try
            {
                /* NOTE(review): BinaryFormatter is obsolete in current .NET and is unsafe when
                 * its deserializing side is given untrusted bytes. Here the bytes are produced
                 * locally from data, so it only carries the value to the sink; do not reuse this
                 * pattern for data that crosses a trust boundary. */
                BinaryFormatter bf = new BinaryFormatter();
                using (var ms = new MemoryStream())
                {
                    /* NOTE(review): Serialize is believed to reject a null graph with
                     * ArgumentNullException, which the SerializationException handler below
                     * does not catch - confirm how a null data behaves on this line */
                    bf.Serialize(ms, data);
                    dataSerialized = ms.ToArray();
                }
                CWE690_NULL_Deref_From_Return__Class_StringBuilder_75b.GoodB2GSink(dataSerialized);
            }
            catch (SerializationException exceptSerialize)
            {
                /* only serialization failures are logged and swallowed; any other exception propagates */
                IO.Logger.Log(NLog.LogLevel.Warn, "Serialization exception in serialization", exceptSerialize);
            }
        }
コード例 #4
 /* GoodB2G() - use badsource and goodsink.
  * data is not declared in this method; presumably it is a static field of the
  * enclosing class that the 68b sink reads back - confirm. The sink takes no
  * argument, so the value reaches it only through that shared state. */
 private static void GoodB2G()
 {
     /* POTENTIAL FLAW: Call getStringBuilderBad(), which may return null */
     data = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBuilderBad();
     /* the assignment must come before this call; GoodB2GSink is outside this excerpt
      * and is expected to null-check data before dereferencing it - confirm */
     CWE690_NULL_Deref_From_Return__Class_StringBuilder_68b.GoodB2GSink();
 }
コード例 #5
 /* GoodG2B() - use goodsource and badsink.
  * data is not declared in this method; presumably it is a static field of the
  * enclosing class that the 68b sink reads back - confirm. The sink is the
  * unguarded one, so this path is safe only because the source is non-null. */
 private static void GoodG2B()
 {
     /* FIX: call getStringBuilderGood(), which will never return null */
     data = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBuilderGood();
     /* the assignment must come before this call; the sink takes no argument */
     CWE690_NULL_Deref_From_Return__Class_StringBuilder_68b.GoodG2BSink();
 }
コード例 #6
 /* Bad() - bad source feeding a bad sink across two classes.
  * data is not declared in this method; presumably it is a static field of the
  * enclosing class that the 68b sink reads back - confirm. The flaw is deliberate:
  * the possibly-null value is published unchecked, and BadSink (outside this
  * excerpt) is expected to dereference it without a null test. */
 public override void Bad()
 {
     /* POTENTIAL FLAW: Call getStringBuilderBad(), which may return null */
     data = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBuilderBad();
     /* the sink takes no argument, so a checker must follow data through the shared
      * field into the other class to connect the source with the dereference */
     CWE690_NULL_Deref_From_Return__Class_StringBuilder_68b.BadSink();
 }