/*
 * GoodB2G() - bad source, good sink.
 * Both arms of each "if" are deliberately identical, so whichever way
 * IO.StaticReturnsTrueOrFalse() answers, the value comes from getStringBad()
 * and is null-checked before it is dereferenced.
 */
private void GoodB2G()
{
    string candidate;
    if (IO.StaticReturnsTrueOrFalse())
    {
        /* POTENTIAL FLAW: getStringBad() may return null */
        candidate = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();
    }
    else
    {
        /* POTENTIAL FLAW: same nullable source on this arm */
        candidate = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();
    }

    if (IO.StaticReturnsTrueOrFalse())
    {
        /* FIX: check the return value at the point of use, so the guard
         * holds no matter which source arm ran */
        if (candidate != null)
        {
            IO.WriteLine(candidate.Trim());
        }
    }
    else
    {
        /* FIX: explicit null check before the dereference */
        if (candidate != null)
        {
            IO.WriteLine(candidate.Trim());
        }
    }
}
/*
 * GoodB2G2() - bad source, good sink, with the statements in the second
 * "if" reversed. Both conditions test PRIVATE_CONST_TRUE, which is declared
 * outside this block.
 */
private void GoodB2G2()
{
    string candidate;
    if (PRIVATE_CONST_TRUE)
    {
        /* POTENTIAL FLAW: getStringBad() may return null */
        candidate = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();
    }
    else
    {
        /* INCIDENTAL: CWE 561 Dead Code - never runs; the assignment only
         * satisfies definite-assignment checking ahead of the sink */
        candidate = null;
    }

    if (PRIVATE_CONST_TRUE)
    {
        /* FIX: explicit null check before the dereference */
        if (candidate != null)
        {
            IO.WriteLine(candidate.Trim());
        }
    }
}
/*
 * Bad() - the source and the sink are each chosen by an independent call to
 * IO.StaticReturnsTrueOrFalse(). The flaw is reached only when the nullable
 * source is paired with the unchecked sink; the other three pairings are
 * safe, so this case is flawed on some runs and not on others.
 */
public override void Bad()
{
    string text;
    if (IO.StaticReturnsTrueOrFalse())
    {
        /* POTENTIAL FLAW: getStringBad() may return null */
        text = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();
    }
    else
    {
        /* FIX: getStringGood() will never return null */
        text = CWE690_NULL_Deref_From_Return__Class_Helper.getStringGood();
    }

    if (IO.StaticReturnsTrueOrFalse())
    {
        /* POTENTIAL FLAW: text could be null; Trim() on a null reference
         * throws NullReferenceException */
        IO.WriteLine(text.Trim());
    }
    else
    {
        /* FIX: explicit null check before the dereference */
        if (text != null)
        {
            IO.WriteLine(text.Trim());
        }
    }
}
/*
 * Bad() - switch-based variant. The constant selectors (6 and 7) always take
 * the first case, so the nullable source always feeds the unchecked sink;
 * the default arms are dead code kept to satisfy the compiler.
 */
public override void Bad()
{
    string text;
    switch (6)
    {
        case 6:
            /* POTENTIAL FLAW: getStringBad() may return null */
            text = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();
            break;
        default:
            /* INCIDENTAL: CWE 561 Dead Code - never runs; the assignment only
             * satisfies definite-assignment checking ahead of the sink */
            text = null;
            break;
    }

    switch (7)
    {
        case 7:
            /* POTENTIAL FLAW: text could be null; Trim() on a null reference
             * throws NullReferenceException */
            IO.WriteLine(text.Trim());
            break;
        default:
            /* INCIDENTAL: CWE 561 Dead Code - never runs */
            IO.WriteLine("Benign, fixed string");
            break;
    }
}
/*
 * Bad() - obtains a possibly-null string and passes it unchecked to BadSink
 * in the _54b class. The sink is not visible here; judging by its name it
 * dereferences the value without a null check - confirm in that file.
 */
public override void Bad()
{
    /* POTENTIAL FLAW: getStringBad() may return null */
    string unchecked_ = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();

    CWE690_NULL_Deref_From_Return__Class_string_54b.BadSink(unchecked_);
}
/*
 * GoodB2G() - bad source, good sink. The possibly-null value is passed on
 * as-is; the null check is expected to live in GoodB2GSink of the _54b
 * class, which is not visible here.
 */
private void GoodB2G()
{
    /* POTENTIAL FLAW: getStringBad() may return null */
    string candidate = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();

    CWE690_NULL_Deref_From_Return__Class_string_54b.GoodB2GSink(candidate);
}
/*
 * GoodB2GSource() - source half of the bad-source / good-sink pairing.
 * Returns whatever getStringBad() produced, which may be null, so every
 * caller has to check the result before dereferencing it.
 */
public static String GoodB2GSource()
{
    /* POTENTIAL FLAW: getStringBad() may return null */
    string result = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();
    return result;
}
/*
 * GoodB2G2() - bad source, good sink. Per the original header, the sink
 * function has its "if" blocks reversed; the goodB2G2Private flag is set
 * before the call, presumably so the sink takes its checked branch (the
 * sink body is not visible here - confirm).
 */
private void GoodB2G2()
{
    /* POTENTIAL FLAW: getStringBad() may return null */
    string candidate = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();

    /* The flag must be set before the sink runs */
    goodB2G2Private = true;
    GoodB2G2Sink(candidate);
}
/*
 * GoodB2G2() - bad source, good sink. Per the original header, the sink in
 * the _22b class has its "if" blocks reversed; goodB2G2PublicStatic is set
 * before the call, presumably so that sink takes its checked branch (the
 * sink body is not visible here - confirm).
 */
private void GoodB2G2()
{
    /* POTENTIAL FLAW: getStringBad() may return null */
    string candidate = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();

    /* The flag must be set before the sink runs */
    goodB2G2PublicStatic = true;
    CWE690_NULL_Deref_From_Return__Class_string_22b.GoodB2G2Sink(candidate);
}
/*
 * GoodB2G() - bad source, good sink, with the value carried inside an array.
 * The array itself is never null, so a null check on the array would not
 * protect the element; the check has to be made on slot 2 in GoodB2GSink
 * of the _66b class (not visible here).
 */
private static void GoodB2G()
{
    /* POTENTIAL FLAW: getStringBad() may return null */
    string candidate = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();

    /* Five slots; only index 2 carries the value, the rest stay null */
    string[] carrier = new string[5];
    carrier[2] = candidate;

    CWE690_NULL_Deref_From_Return__Class_string_66b.GoodB2GSink(carrier);
}
/*
 * GoodB2G() - bad source, good sink, dispatched through a base-class
 * reference. The concrete object is the _81_goodB2G type, so Action()
 * resolves to that class's implementation (not visible here), which is
 * expected to hold the null check.
 */
private void GoodB2G()
{
    /* POTENTIAL FLAW: getStringBad() may return null */
    string candidate = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();

    CWE690_NULL_Deref_From_Return__Class_string_81_base sink =
        new CWE690_NULL_Deref_From_Return__Class_string_81_goodB2G();
    sink.Action(candidate);
}
/*
 * Bad() - the possibly-null value is stored in slot 2 of an array and the
 * array is handed to BadSink of the _66b class. The sink is not visible
 * here; judging by its name it uses the element without a null check -
 * confirm in that file.
 */
public override void Bad()
{
    /* POTENTIAL FLAW: getStringBad() may return null */
    string unchecked_ = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();

    /* Five slots; only index 2 carries the value, the rest stay null */
    string[] carrier = new string[5];
    carrier[2] = unchecked_;

    CWE690_NULL_Deref_From_Return__Class_string_66b.BadSink(carrier);
}
/*
 * GoodB2G() - bad source, good sink, with the value carried in a Container
 * object. The container reference is non-null, so the check that matters is
 * on its containerOne field, inside GoodB2GSink of the _67b class (not
 * visible here).
 */
private static void GoodB2G()
{
    /* POTENTIAL FLAW: getStringBad() may return null */
    string candidate = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();

    Container wrapper = new Container { containerOne = candidate };

    CWE690_NULL_Deref_From_Return__Class_string_67b.GoodB2GSink(wrapper);
}
/*
 * Bad() - baseline form of the flaw: the return value of getStringBad() is
 * dereferenced without being checked for null.
 */
public override void Bad()
{
    /* POTENTIAL FLAW: getStringBad() may return null */
    string text = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();

    /* POTENTIAL FLAW: text could be null; Trim() on a null reference
     * throws NullReferenceException */
    IO.WriteLine(text.Trim());
}
/*
 * Bad() - the possibly-null value is stored in the containerOne field of a
 * Container and handed to BadSink of the _67b class. The sink is not
 * visible here; judging by its name it uses the field without a null
 * check - confirm in that file.
 */
public override void Bad()
{
    /* POTENTIAL FLAW: getStringBad() may return null */
    string unchecked_ = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();

    Container wrapper = new Container { containerOne = unchecked_ };

    CWE690_NULL_Deref_From_Return__Class_string_67b.BadSink(wrapper);
}
/*
 * Bad() - the possibly-null value is stored under keys 0, 1 and 2 of a
 * Hashtable and handed to BadSink of the _72b class. Hashtable accepts null
 * values, so the null survives the trip; the sink (not visible here) is,
 * judging by its name, where it gets dereferenced unchecked - confirm.
 */
public override void Bad()
{
    /* POTENTIAL FLAW: getStringBad() may return null */
    string unchecked_ = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();

    Hashtable carrier = new Hashtable(5);
    for (int key = 0; key < 3; key++)
    {
        carrier.Add(key, unchecked_);
    }

    CWE690_NULL_Deref_From_Return__Class_string_72b.BadSink(carrier);
}
/*
 * Bad() - the possibly-null value is appended three times to a LinkedList
 * and the list is handed to BadSink of the _73b class. The list accepts
 * null elements, so the null survives the trip; the sink (not visible
 * here) is, judging by its name, where it gets dereferenced unchecked -
 * confirm.
 */
public override void Bad()
{
    /* POTENTIAL FLAW: getStringBad() may return null */
    string unchecked_ = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();

    LinkedList<String> carrier = new LinkedList<String>();
    for (int copies = 0; copies < 3; copies++)
    {
        carrier.AddLast(unchecked_);
    }

    CWE690_NULL_Deref_From_Return__Class_string_73b.BadSink(carrier);
}
/*
 * GoodB2G() - bad source, good sink, with the value carried in a
 * Dictionary under keys 0, 1 and 2. The dictionary stores null values
 * without complaint, so the null check has to be made on the retrieved
 * element in GoodB2GSink of the _74b class (not visible here).
 */
private static void GoodB2G()
{
    /* POTENTIAL FLAW: getStringBad() may return null */
    string candidate = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();

    /* The collection initializer calls Add(key, value) for each entry */
    Dictionary<int, String> carrier = new Dictionary<int, String>
    {
        { 0, candidate },
        { 1, candidate },
        { 2, candidate }
    };

    CWE690_NULL_Deref_From_Return__Class_string_74b.GoodB2GSink(carrier);
}
/*
 * Bad() - the possibly-null value is stored under keys 0, 1 and 2 of a
 * Dictionary and handed to BadSink of the _74b class. The dictionary stores
 * null values without complaint; the sink (not visible here) is, judging
 * by its name, where the value gets dereferenced unchecked - confirm.
 */
public override void Bad()
{
    /* POTENTIAL FLAW: getStringBad() may return null */
    string unchecked_ = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();

    /* The collection initializer calls Add(key, value) for each entry */
    Dictionary<int, String> carrier = new Dictionary<int, String>
    {
        { 0, unchecked_ },
        { 1, unchecked_ },
        { 2, unchecked_ }
    };

    CWE690_NULL_Deref_From_Return__Class_string_74b.BadSink(carrier);
}
/*
 * GoodB2G() - bad source, good sink, with the value appended three times
 * to a LinkedList. The list accepts null elements, so the null check has
 * to be made on the retrieved element in GoodB2GSink of the _73b class
 * (not visible here).
 */
private static void GoodB2G()
{
    /* POTENTIAL FLAW: getStringBad() may return null */
    string candidate = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();

    LinkedList<String> carrier = new LinkedList<String>();
    for (int copies = 0; copies < 3; copies++)
    {
        carrier.AddLast(candidate);
    }

    CWE690_NULL_Deref_From_Return__Class_string_73b.GoodB2GSink(carrier);
}
/*
 * GoodB2G() - bad source, good sink, with the value carried in a Hashtable
 * under keys 0, 1 and 2. Hashtable accepts null values, so the null check
 * has to be made on the retrieved element in GoodB2GSink of the _72b class
 * (not visible here).
 */
private static void GoodB2G()
{
    /* POTENTIAL FLAW: getStringBad() may return null */
    string candidate = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();

    Hashtable carrier = new Hashtable(5);
    for (int key = 0; key < 3; key++)
    {
        carrier.Add(key, candidate);
    }

    CWE690_NULL_Deref_From_Return__Class_string_72b.GoodB2GSink(carrier);
}
/*
 * GoodB2G() - bad source, good sink, with the sink placed inside a
 * single-iteration "for" loop. The loop is kept as a loop: it runs exactly
 * once and exists only to put the checked dereference in a loop body.
 */
private void GoodB2G()
{
    /* POTENTIAL FLAW: getStringBad() may return null */
    string candidate = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();

    for (int pass = 0; pass < 1; pass++)
    {
        /* FIX: explicit null check before the dereference */
        if (candidate != null)
        {
            IO.WriteLine(candidate.Trim());
        }
    }
}
/*
 * Bad() - the unchecked dereference sits inside a single-iteration "for"
 * loop. The source stays outside the loop so that the variable is
 * definitely assigned when the loop body reads it.
 */
public override void Bad()
{
    /* POTENTIAL FLAW: getStringBad() may return null */
    string text = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();

    for (int pass = 0; pass < 1; pass++)
    {
        /* POTENTIAL FLAW: text could be null; Trim() on a null reference
         * throws NullReferenceException */
        IO.WriteLine(text.Trim());
    }
}
/*
 * Bad() - both the source and the sink are guarded by the same test on
 * PRIVATE_CONST_FIVE (declared outside this block). When that test holds,
 * the nullable source feeds the unchecked sink.
 */
public override void Bad()
{
    string text;
    if (PRIVATE_CONST_FIVE == 5)
    {
        /* POTENTIAL FLAW: getStringBad() may return null */
        text = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();
    }
    else
    {
        /* INCIDENTAL: CWE 561 Dead Code - never runs; the assignment only
         * satisfies definite-assignment checking ahead of the sink */
        text = null;
    }

    if (PRIVATE_CONST_FIVE == 5)
    {
        /* POTENTIAL FLAW: text could be null; Trim() on a null reference
         * throws NullReferenceException */
        IO.WriteLine(text.Trim());
    }
}
/*
 * GoodB2G() - bad source, good sink, with the value serialized to a byte
 * array before it is handed to GoodB2GSink of the _75b class (not visible
 * here).
 *
 * NOTE(review): BinaryFormatter.Serialize is documented to throw
 * ArgumentNullException when the object graph is null. If getStringBad()
 * returns null, that exception is raised here and is not covered by the
 * SerializationException handler below, so the sink's null check would
 * never be reached - confirm against the helper and the target runtime.
 *
 * NOTE(review): BinaryFormatter is obsolete and unsafe for deserializing
 * untrusted data. Only serialization is visible in this block; the
 * matching deserialization presumably happens in the sink.
 */
private static void GoodB2G()
{
    /* POTENTIAL FLAW: getStringBad() may return null */
    string candidate = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBad();

    try
    {
        /* serialize the value to a byte array */
        byte[] payload = null;
        BinaryFormatter formatter = new BinaryFormatter();
        using (MemoryStream buffer = new MemoryStream())
        {
            formatter.Serialize(buffer, candidate);
            payload = buffer.ToArray();
        }

        CWE690_NULL_Deref_From_Return__Class_string_75b.GoodB2GSink(payload);
    }
    catch (SerializationException serializationError)
    {
        IO.Logger.Log(NLog.LogLevel.Warn, "Serialization exception in serialization", serializationError);
    }
}