public override void Bad(HttpRequest req, HttpResponse resp) { string data; /* POTENTIAL FLAW: Read data from a querystring using Params.Get */ data = req.Params.Get("name"); string[] dataArray = new string[5]; dataArray[2] = data; CWE90_LDAP_Injection__Params_Get_Web_66b.BadSink(dataArray, req, resp); }