Exemplo n.º 1
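 /* goodB2G() - use badsource and goodsink */
 /*
  * Reads the stored credential file as raw UTF-8 text and forwards it,
  * unmodified, to GoodB2GSink. No decryption happens in this method; per the
  * "goodsink" label above, the sink is presumably where the value is decrypted
  * before use (the sink is not visible here - confirm in the _53b class).
  *
  * The listing as published had lost its "try" keyword and all braces; they
  * are restored here so the method parses.
  */
 private void GoodB2G()
 {
     string password;
     password = ""; /* init password */
     /* retrieve the password */
     try
     {
         password = Encoding.UTF8.GetString(File.ReadAllBytes("../../../common/strong_password_file.txt"));
     }
     catch (IOException exceptIO)
     {
         /* Best effort: the failure is only logged, so an empty password is
          * still handed to the sink when the file cannot be read. */
         IO.Logger.Log(NLog.LogLevel.Warn, "Error with file reading", exceptIO);
     }
     /* POTENTIAL FLAW: The raw password read from the .txt file is passed on (without being decrypted) */
     CWE256_Unprotected_Storage_of_Credentials__basic_53b.GoodB2GSink(password);
 }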
Exemplo n.º 2
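 /* goodG2B() - use goodsource and badsink */
 /*
  * Reads the stored credential file, decrypts its contents with AES and passes
  * the decrypted value to GoodG2BSink.
  *
  * The listing as published had lost its "try" keyword and all braces; they
  * are restored here. The decryptor is now wrapped in a using statement
  * because ICryptoTransform is IDisposable and was never disposed.
  *
  * NOTE(review): the AES key is a literal in this source file and the IV is
  * all zero bytes, so anyone who can read the code can decrypt the file. That
  * keeps the test case self-contained, but a real deployment needs the key to
  * come from a protected store (OS key store or a secrets manager) and a
  * random IV per encryption, stored alongside the ciphertext.
  * NOTE(review): AesCryptoServiceProvider is marked obsolete in newer .NET
  * versions; Aes.Create() is the replacement.
  */
 private void GoodG2B()
 {
     string password;
     password = ""; /* init password */
     /* retrieve the password */
     try
     {
         /* This value is the ciphertext decoded as text; it is overwritten by
          * the decryption result below. */
         password = Encoding.UTF8.GetString(File.ReadAllBytes("../../../common/strong_password_file.txt"));
     }
     catch (IOException exceptIO)
     {
         IO.Logger.Log(NLog.LogLevel.Warn, "Error with file reading", exceptIO);
     }
     /* FIX: password is decrypted before being passed on */
     {
         using (AesCryptoServiceProvider aesAlg = new AesCryptoServiceProvider())
         {
             aesAlg.Key = Encoding.UTF8.GetBytes("ABCDEFGHABCDEFGH");
             aesAlg.IV = new byte[16];
             // Create a decryptor to perform the stream transform.
             using (ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV))
             // Create the streams used for decryption.
             // The second file read is outside the try above, so an
             // IOException raised here is not caught in this method.
             using (MemoryStream msDecrypt = new MemoryStream(File.ReadAllBytes("../../../common/strong_password_file.txt")))
             using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
             using (StreamReader srDecrypt = new StreamReader(csDecrypt))
             {
                 // Read the decrypted bytes from the decrypting stream
                 // and place them in a string.
                 password = srDecrypt.ReadToEnd();
             }
         }
     }
     CWE256_Unprotected_Storage_of_Credentials__basic_53b.GoodG2BSink(password);
 }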