/* goodG2B() - use goodsource and badsink */
private static void GoodG2B()
{
string password = CWE256_Unprotected_Storage_of_Credentials__basic_61b.GoodG2BSource();
/* POTENTIAL FLAW: Use password as a password to connect to a DB (without being decrypted) */
using (SqlConnection dBConnection = new SqlConnection(@"Data Source=(local);Initial Catalog=CWE256;User ID=" + "sa" + ";Password="******"Error with database connection", exceptSql);
}
}
}
/* goodB2G() - use badsource and goodsink */
private static void GoodB2G()
{
string password = CWE256_Unprotected_Storage_of_Credentials__basic_61b.GoodB2GSource();
/* FIX: password is decrypted before being used as a database password */
{
using (AesCryptoServiceProvider aesAlg = new AesCryptoServiceProvider())
{
aesAlg.Key = Encoding.UTF8.GetBytes("ABCDEFGHABCDEFGH");
aesAlg.IV = new byte[16];
// Create a decryptor to perform the stream transform.
ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
// Create the streams used for decryption.
using (MemoryStream msDecrypt = new MemoryStream(File.ReadAllBytes("../../../common/strong_password_file.txt")))
{
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
{
using (StreamReader srDecrypt = new StreamReader(csDecrypt))
{
// Read the decrypted bytes from the decrypting stream
// and place them in a string.
password = srDecrypt.ReadToEnd();
}
}
}
}
}
using (SqlConnection dBConnection = new SqlConnection(@"Data Source=(local);Initial Catalog=CWE256;User ID=sa;Password="******"Error with database connection", exceptSql);
}
}
}
