/* goodB2G() - use BadSource and GoodSink */ public static void GoodB2GSink(LinkedList <string> dataLinkedList) { string data = dataLinkedList.Last.Value; /* FIX: Hash data before storing in a file */ { string salt = "ThisIsMySalt"; using (SHA512CryptoServiceProvider sha512 = new SHA512CryptoServiceProvider()) { byte[] buffer = Encoding.UTF8.GetBytes(string.Concat(salt, data)); byte[] hashedCredsAsBytes = sha512.ComputeHash(buffer); data = IO.ToHex(hashedCredsAsBytes); } } using (SecureString secureData = new SecureString()) { for (int i = 0; i < data.Length; i++) { secureData.AppendChar(data[i]); } File.WriteAllText(@"C:\Users\Public\WriteText.txt", secureData.ToString()); } }
public string Encrypt(string message) { SHA512 sha512 = new SHA512CryptoServiceProvider(); try { sha512.ComputeHash(ASCIIEncoding.ASCII.GetBytes(message)); byte[] result = sha512.Hash; StringBuilder hash = new StringBuilder(); for (int i = 0; i < result.Length; i++) { hash.Append(result[i].ToString("x2")); } return(hash.ToString()); } catch (Exception e) { throw e; } }
/* Given an input seed, derive the required output. */ private static void DeriveParams(byte[] seed, out byte[] key, out byte[] iv, out string ident) { // Hash the output using sha512 byte[] seed_output; using (SHA512CryptoServiceProvider sha512csp = new SHA512CryptoServiceProvider()) { seed_output = sha512csp.ComputeHash(seed); } // Take key from first 32 bytes key = new byte[32]; Buffer.BlockCopy(seed_output, 0, key, 0, 32); // Take IV from next 16 bytes iv = new byte[16]; Buffer.BlockCopy(seed_output, 32, iv, 0, 16); // Take server identifier (the "ident") from last 16 bytes and base64url encode it byte[] ident_raw = new byte[16]; Buffer.BlockCopy(seed_output, 48, ident_raw, 0, 16); ident = UrlBase64Encode(ident_raw); }
public string CalculatePasswordHash(string userName, int userID, string password) { SHA512 hashProvider512 = SHA512CryptoServiceProvider.Create(); SHA256 hashProvider256 = SHA256CryptoServiceProvider.Create(); string salt = userID.ToString() + userName; // construct the salt from the useriD + username byte[] saltBytes = new byte[salt.Length * sizeof(char)]; // initialise new bytearray, size of the string times size of each char System.Buffer.BlockCopy(salt.ToCharArray(), 0, saltBytes, 0, salt.Length); // don't use encoding, just copy pure byte data byte[] saltHash = hashProvider256.ComputeHash(saltBytes); // compute the hash from the salt string string saltString = Convert.ToBase64String(saltHash); // convert the hash back to a string string passwordString = password + saltString; // construct the complete password from the password and the saltstring byte[] passwordBytes = new byte[passwordString.Length * sizeof(char)]; // and initialise the new bytearray System.Buffer.BlockCopy(passwordString.ToCharArray(), 0, passwordBytes, 0, passwordString.Length); // copy it over byte[] passwordHash = hashProvider512.ComputeHash(passwordBytes); // generate the final hash string passwordHashString = Convert.ToBase64String(passwordHash); // and transform that back into a stringr return(passwordHashString); }
public string EncryptSha(string text, int repeatCount = 11) { try { x++; SHA512 sha = new SHA512CryptoServiceProvider(); byte[] shaAsByte = sha.ComputeHash(Encoding.UTF8.GetBytes(text)); StringBuilder sb = new StringBuilder(); foreach (var item in shaAsByte) { sb.Append(item.ToString("x2")); } if (x <= repeatCount) { EncryptSha(sb.ToString(), repeatCount); } return(sb.ToString()); } catch { return(""); } }
/* goodB2G() - use badsource and goodsink */ public static void GoodB2GSink() { string data = CWE313_Cleartext_Storage_in_a_File_or_on_Disk__NetClient_68a.data; /* FIX: Hash data before storing in a file */ { string salt = "ThisIsMySalt"; using (SHA512CryptoServiceProvider sha512 = new SHA512CryptoServiceProvider()) { byte[] buffer = Encoding.UTF8.GetBytes(string.Concat(salt, data)); byte[] hashedCredsAsBytes = sha512.ComputeHash(buffer); data = IO.ToHex(hashedCredsAsBytes); } } using (SecureString secureData = new SecureString()) { for (int i = 0; i < data.Length; i++) { secureData.AppendChar(data[i]); } File.WriteAllText(@"C:\Users\Public\WriteText.txt", secureData.ToString()); } }
public static string Hash(int algorithm, string planeText) { HashAlgorithm hash; switch (algorithm) { case SHA128: hash = new SHA1CryptoServiceProvider(); break; case SHA256: hash = new SHA256CryptoServiceProvider(); break; case SHA384: hash = new SHA384CryptoServiceProvider(); break; case SHA512: hash = new SHA512CryptoServiceProvider(); break; default: throw new NoSuchAlgorithmException(planeText + ": Not Found"); } Encoding encoding = Encoding.UTF8; byte[] plane = encoding.GetBytes(planeText); var sBuilder = new StringBuilder(); byte[] hashed = hash.ComputeHash(plane); for (int i = 0; i < hashed.Length; i++) { sBuilder.Append(hashed[i].ToString("x2")); } return(sBuilder.ToString()); }
/* goodB2G() - use badsource and goodsink */ private void GoodB2G() { string dataCopy; { string data; /* get environment variable ADD */ /* POTENTIAL FLAW: Read data from an environment variable */ data = Environment.GetEnvironmentVariable("ADD"); dataCopy = data; } { string data = dataCopy; /* FIX: Hash data before storing in registry */ { string salt = "ThisIsMySalt"; using (SHA512CryptoServiceProvider sha512 = new SHA512CryptoServiceProvider()) { byte[] buffer = Encoding.UTF8.GetBytes(string.Concat(salt, data)); byte[] hashedCredsAsBytes = sha512.ComputeHash(buffer); data = IO.ToHex(hashedCredsAsBytes); } } using (SecureString secureData = new SecureString()) { for (int i = 0; i < data.Length; i++) { secureData.AppendChar(data[i]); } RegistryKey key = Registry.CurrentUser.OpenSubKey("Software", true); key.CreateSubKey("CWEparent"); key = key.OpenSubKey("CWEparent", true); key.CreateSubKey("TestingCWE"); key = key.OpenSubKey("TestingCWE", true); key.SetValue("CWE", secureData); } } }
/* goodB2G() - use badsource and goodsink */ private void GoodB2G(HttpRequest req, HttpResponse resp) { string dataCopy; { string data; data = ""; /* initialize data in case id is not in query string */ /* POTENTIAL FLAW: Parse id param out of the URL querystring (without using getParameter()) */ { if (req.QueryString["id"] != null) { data = req.QueryString["id"]; } } dataCopy = data; } { string data = dataCopy; /* FIX: Hash data before storing in a file */ { string salt = "ThisIsMySalt"; using (SHA512CryptoServiceProvider sha512 = new SHA512CryptoServiceProvider()) { byte[] buffer = Encoding.UTF8.GetBytes(string.Concat(salt, data)); byte[] hashedCredsAsBytes = sha512.ComputeHash(buffer); data = IO.ToHex(hashedCredsAsBytes); } } using (SecureString secureData = new SecureString()) { for (int i = 0; i < data.Length; i++) { secureData.AppendChar(data[i]); } File.WriteAllText(@"C:\Users\Public\WriteText.txt", secureData.ToString()); } } }
/* goodB2G() - use badsource and goodsink*/ private void GoodB2G(HttpRequest req, HttpResponse resp) { string data; using (SecureString securePwd = new SecureString()) { using (SecureString secureUser = new SecureString()) { for (int i = 0; i < "AP@ssw0rd".Length; i++) { /* INCIDENTAL: CWE-798 Use of Hard-coded Credentials */ securePwd.AppendChar("AP@ssw0rd"[i]); } for (int i = 0; i < "user".Length; i++) { /* INCIDENTAL: CWE-798 Use of Hard-coded Credentials */ securePwd.AppendChar("user"[i]); } /* POTENTIAL FLAW: Set data to credentials (without hashing or encryption) */ data = secureUser.ToString() + ":" + securePwd.ToString(); } } for (int k = 0; k < 1; k++) { /* FIX: Hash data before storing in cookie */ { string salt = "ThisIsMySalt"; using (SHA512CryptoServiceProvider sha512 = new SHA512CryptoServiceProvider()) { byte[] buffer = Encoding.UTF8.GetBytes(string.Concat(salt, data)); byte[] hashedCredsAsBytes = sha512.ComputeHash(buffer); data = IO.ToHex(hashedCredsAsBytes); } } resp.AppendCookie(new HttpCookie("auth", data)); } }
private String CalcularHashSHA512(Stream sArquivo) { byte[] hashSHA512 = null; try { try { SHA512CryptoServiceProvider sha512 = new SHA512CryptoServiceProvider(); sArquivo.Position = 0; hashSHA512 = sha512.ComputeHash(sArquivo); } catch (Exception ex) { this.MudarText(ckbSHA512, "SHA512 Erro"); if (this.InvokeRequired) { this.BeginInvoke(new MethodExibirHash(ExibirHash), ex.Message); } MessageBox.Show(ex.Message); } } catch (Exception ex) { MessageBox.Show(ex.Message, "ERRO", MessageBoxButtons.OK, MessageBoxIcon.Error); if (this.InvokeRequired) { this.BeginInvoke(new MethodExibirHash(ExibirHash), ex.Message); } throw new Exception(ex.Message, ex.InnerException); } String hashSHA512Text = BitConverter.ToString(hashSHA512).Replace("-", ""); this.ExibirHash(hashSHA512Text); this.MudarText(ckbSHA512, "SHA512"); return(hashSHA512Text); }
/* goodB2G2() - use badsource and goodsink by reversing statements in second if */ private void GoodB2G2(HttpRequest req, HttpResponse resp) { string data; if (privateFive == 5) { /* POTENTIAL FLAW: Read data from a querystring using Params.Get */ data = req.Params.Get("name"); } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } if (privateFive == 5) { /* FIX: Hash data before storing in a file */ { string salt = "ThisIsMySalt"; using (SHA512CryptoServiceProvider sha512 = new SHA512CryptoServiceProvider()) { byte[] buffer = Encoding.UTF8.GetBytes(string.Concat(salt, data)); byte[] hashedCredsAsBytes = sha512.ComputeHash(buffer); data = IO.ToHex(hashedCredsAsBytes); } } using (SecureString secureData = new SecureString()) { for (int i = 0; i < data.Length; i++) { secureData.AppendChar(data[i]); } File.WriteAllText(@"C:\Users\Public\WriteText.txt", secureData.ToString()); } } }
public static string ComputeHash(string msg) { string result = string.Empty; var md5 = new MD5CryptoServiceProvider(); var sha1 = new SHA1CryptoServiceProvider(); var sha256 = new SHA256CryptoServiceProvider(); var sha384 = new SHA384CryptoServiceProvider(); var sha512 = new SHA512CryptoServiceProvider(); var ripemd160 = new RIPEMD160Managed(); var source = System.Text.UTF8Encoding.Default.GetBytes(msg); var algorithms = new Dictionary <string, HashAlgorithm>(); algorithms["md5"] = md5; algorithms["sha1"] = sha1; algorithms["sha256"] = sha256; algorithms["sha384"] = sha384; algorithms["sha512"] = sha512; algorithms["ripemd160"] = ripemd160; result = Convert.ToBase64String(sha512.ComputeHash(source)); return(result); }
/// <summary> /// Generate SHA512 hash string. /// </summary> /// <param name="str">A string</param> /// <returns>Generated hash</returns> public static string HashString(string str) { var cryptoServiceProvider = new SHA512CryptoServiceProvider(); var cryptoString = Encoding.UTF8.GetBytes(str); var hash = cryptoServiceProvider.ComputeHash(cryptoString); var ret = ""; foreach (var a in hash) { if (a < 16) { ret += "0" + a.ToString("x"); } else { ret += a.ToString("x"); } } return(ret); }
/// <summary> /// Metodo para generar un token binario(Tipo no base2) /// </summary> /// <param name="idReceptor"></param> /// <returns></returns> public string generarTokenBinario(string consecutivo) { string resultado = ""; //Se inicializa el proveedor de servicio SHA512CryptoServiceProvider proServ = new SHA512CryptoServiceProvider(); try { //Se obtienen los bytes del consecutivo byte[] tokenBytes = System.Text.Encoding.UTF8.GetBytes(consecutivo); //Se aplica el hash byte[] tokBytes = proServ.ComputeHash(tokenBytes); //Se limpia el proveedor de servicios proServ.Clear(); resultado = Convert.ToBase64String(tokBytes); } catch (Exception) { } return(resultado); }
private void GoodB2G2Sink(string data, HttpRequest req, HttpResponse resp) { if (goodB2G2Private) { /* FIX: Hash data before storing in a file */ { string salt = "ThisIsMySalt"; using (SHA512CryptoServiceProvider sha512 = new SHA512CryptoServiceProvider()) { byte[] buffer = Encoding.UTF8.GetBytes(string.Concat(salt, data)); byte[] hashedCredsAsBytes = sha512.ComputeHash(buffer); data = IO.ToHex(hashedCredsAsBytes); } } using (SecureString secureData = new SecureString()) { for (int i = 0; i < data.Length; i++) { secureData.AppendChar(data[i]); } File.WriteAllText(@"C:\Users\Public\WriteText.txt", secureData.ToString()); } } }
/* goodB2G() - use badsource and goodsink */ private void GoodB2G(HttpRequest req, HttpResponse resp) { string data; data = ""; /* initialize data in case id is not in query string */ /* POTENTIAL FLAW: Parse id param out of the URL querystring (without using getParameter()) */ { if (req.QueryString["id"] != null) { data = req.QueryString["id"]; } } /* FIX: Hash data before storing in registry */ { string salt = "ThisIsMySalt"; using (SHA512CryptoServiceProvider sha512 = new SHA512CryptoServiceProvider()) { byte[] buffer = Encoding.UTF8.GetBytes(string.Concat(salt, data)); byte[] hashedCredsAsBytes = sha512.ComputeHash(buffer); data = IO.ToHex(hashedCredsAsBytes); } } using (SecureString secureData = new SecureString()) { for (int i = 0; i < data.Length; i++) { secureData.AppendChar(data[i]); } RegistryKey key = Registry.CurrentUser.OpenSubKey("Software", true); key.CreateSubKey("CWEparent"); key = key.OpenSubKey("CWEparent", true); key.CreateSubKey("TestingCWE"); key = key.OpenSubKey("TestingCWE", true); key.SetValue("CWE", secureData); } }
/// <summary> /// 创建Hash算法 /// </summary> /// <param name="hashProvider"></param> /// <returns></returns> internal static HashAlgorithm CreateHashAlgorithm(EnumHashProvider hashProvider) { HashAlgorithm hashAlgorithm = null; switch (hashProvider) { case EnumHashProvider.MD5CryptoServiceProvider: hashAlgorithm = new MD5CryptoServiceProvider(); break; case EnumHashProvider.RIPEMD160Managed: hashAlgorithm = new RIPEMD160Managed(); break; case EnumHashProvider.SHA1CryptoServiceProvider: hashAlgorithm = new SHA1CryptoServiceProvider(); break; case EnumHashProvider.SHA1Managed: hashAlgorithm = new SHA1Managed(); break; case EnumHashProvider.SHA256Managed: hashAlgorithm = new SHA256CryptoServiceProvider(); break; case EnumHashProvider.SHA384Managed: hashAlgorithm = new SHA384CryptoServiceProvider(); break; case EnumHashProvider.SHA512Managed: hashAlgorithm = new SHA512CryptoServiceProvider(); break; } return(hashAlgorithm); }
private void RequestFileChunk() { if (fileStream.Length < length) { var stream = new MemoryStream(); var writer = new BinaryWriter(stream); writer.Write((byte)MessageType.FileRequest); writer.Write(fileStream.Length); SendPacket(stream.ToArray()); } else { fileStream.Close(); fileStream = File.OpenRead(tempPath); var hash = new SHA512CryptoServiceProvider().ComputeHash(fileStream); fileStream.Close(); var myHashName = ""; foreach (var b in hash) { myHashName += b.ToString("x2"); } if (hashName == myHashName) { File.Delete(filePath); File.Move(tempPath, filePath); SendPacket(new byte[] { (byte)MessageType.FileReceived }); } else { File.Delete(tempPath); fileStream = File.OpenWrite(tempPath); RequestFileChunk(); } } }
/* Good1() changes PRIVATE_CONST_FIVE==5 to PRIVATE_CONST_FIVE!=5 */ private void Good1() { if (PRIVATE_CONST_FIVE != 5) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ IO.WriteLine("Benign, fixed string"); } else { using (HashAlgorithm sha = new SHA512CryptoServiceProvider()) { /* FIX: Use a sufficiently random salt */ var salt = new byte[32]; using (var random = new RNGCryptoServiceProvider()) { random.GetNonZeroBytes(salt); byte[] textWithSaltBytes = Encoding.UTF8.GetBytes(string.Concat("hash me", salt)); byte[] hashedBytes = sha.ComputeHash(textWithSaltBytes); sha.Clear(); IO.WriteLine(IO.ToHex(hashedBytes)); } } } }
private static string Decrypt(string connectionString) { if (Cipher == null || Cipher.Length == 0) { return(connectionString); } else { // Preserve FIPS compliance SHA512 hashProvider; if (Environment.OSVersion.Version.Major > 5 || (Environment.OSVersion.Version.Major == 5 && Environment.OSVersion.Version.Minor >= 2)) { hashProvider = new SHA512CryptoServiceProvider(); } else { hashProvider = new SHA512Managed(); } using (var hash = hashProvider) using (var cipher = new Rfc2898DeriveBytes(Cipher, hash.ComputeHash(Cipher), 3)) using (var decryptor = new AesCryptoServiceProvider()) { var key = cipher.GetBytes(decryptor.KeySize / 8); var iv = cipher.GetBytes(decryptor.BlockSize / 8); var dec = decryptor.CreateDecryptor(key, iv); var connectionStringBytes = Convert.FromBase64String(connectionString); // Reading from config file is always in Base64 // ToDo: check here for wrong password w/ System.Security.Cryptography.HMAC (catch the exception and display a meaningful message to the developer - or swallow the error) var decryptedBytes = dec.TransformFinalBlock(connectionStringBytes, 0, connectionStringBytes.Length); return(Encoding.UTF8.GetString(decryptedBytes)); } } }
public static int AuthenticateUser(string userName, string userPassword) { byte[] passwordHash; byte[] salt; string find = "select * from dbo.Users where Username=@Username"; List <UserModel> user; UserModel data = new UserModel { Username = userName, }; user = SqlDataAccess.LoadData(find, data); if (user.Count() != 0 & userPassword != null) { salt = user[0].Salt; using (var sha = new SHA512CryptoServiceProvider()) { var hashdata = Encoding.ASCII.GetBytes(userPassword).Concat(salt).ToArray <byte>(); var shadata = sha.ComputeHash(hashdata); passwordHash = shadata; } if (passwordHash.SequenceEqual(user[0].Password)) { return(user[0].Id); } else { return(0); } } else { return(0); } }
/* goodB2G() - use badsource and goodsink*/ private void GoodB2G(HttpRequest req, HttpResponse resp) { string data; data = ""; /* initialize data in case there are no cookies */ /* Read data from cookies */ { HttpCookieCollection cookieSources = req.Cookies; if (cookieSources != null) { /* POTENTIAL FLAW: Read data from the first cookie value */ data = cookieSources[0].Value; } } for (int k = 0; k < 1; k++) { /* FIX: Hash data before storing in a file */ { string salt = "ThisIsMySalt"; using (SHA512CryptoServiceProvider sha512 = new SHA512CryptoServiceProvider()) { byte[] buffer = Encoding.UTF8.GetBytes(string.Concat(salt, data)); byte[] hashedCredsAsBytes = sha512.ComputeHash(buffer); data = IO.ToHex(hashedCredsAsBytes); } } using (SecureString secureData = new SecureString()) { for (int i = 0; i < data.Length; i++) { secureData.AppendChar(data[i]); } File.WriteAllText(@"C:\Users\Public\WriteText.txt", secureData.ToString()); } } }
private static string SHA512Crypt(string txt, Encoding encoding = null) { try { encoding = encoding ?? Encoding.UTF8; if (string.IsNullOrEmpty(txt)) { throw new Exception("原文不能为空!"); } SHA512CryptoServiceProvider sha = new SHA512CryptoServiceProvider(); byte[] org = encoding.GetBytes(txt); byte[] output = sha.ComputeHash(org); string retStr = ""; for (int i = 0; i < output.Length; i++) { retStr += output[i].ToString("x2"); } return(retStr); } catch (Exception) { throw; } }
/* goodB2G() - use BadSource and GoodSink */ public static void GoodB2GSink(byte[] dataSerialized, HttpRequest req, HttpResponse resp) { try { string data; var binForm = new BinaryFormatter(); using (var memStream = new MemoryStream()) { memStream.Write(dataSerialized, 0, dataSerialized.Length); memStream.Seek(0, SeekOrigin.Begin); data = (string)binForm.Deserialize(memStream); } /* FIX: Hash data before storing in a file */ { string salt = "ThisIsMySalt"; using (SHA512CryptoServiceProvider sha512 = new SHA512CryptoServiceProvider()) { byte[] buffer = Encoding.UTF8.GetBytes(string.Concat(salt, data)); byte[] hashedCredsAsBytes = sha512.ComputeHash(buffer); data = IO.ToHex(hashedCredsAsBytes); } } using (SecureString secureData = new SecureString()) { for (int i = 0; i < data.Length; i++) { secureData.AppendChar(data[i]); } File.WriteAllText(@"C:\Users\Public\WriteText.txt", secureData.ToString()); } } catch (SerializationException exceptSerialize) { IO.Logger.Log(NLog.LogLevel.Warn, "SerializationException in deserialization", exceptSerialize); } }
/// <summary> /// Read the file and calculate the checksum ///</summary> /// <param name="type">the hash type to use</param> /// <param name="fileName">the file to read</param> /// <returns>the hex representation of the hash using uppercase chars</returns> public static String getFileHash(HashType type, String fileName) { try { var HashValue = new byte[0]; using (var fileStream = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.ReadWrite)) { switch (type) { case HashType.MD5: using (var h = new MD5CryptoServiceProvider()) { HashValue = h.ComputeHash(fileStream); } break; case HashType.SHA1: using (var h = new SHA1CryptoServiceProvider()) { HashValue = h.ComputeHash(fileStream); } break; case HashType.SHA256: using (var h = new SHA256CryptoServiceProvider()) { HashValue = h.ComputeHash(fileStream); } break; case HashType.SHA384: using (var h = new SHA384CryptoServiceProvider()) { HashValue = h.ComputeHash(fileStream); } break; case HashType.SHA512: using (var h = new SHA512CryptoServiceProvider()) { HashValue = h.ComputeHash(fileStream); } break; } } return(BitConverter.ToString(HashValue).Replace("-", String.Empty)); } catch (Exception ex) { return(ex.Message); } }
/* goodB2G() - use badsource and goodsink */ private void GoodB2G() { string data; data = ""; /* Initialize data */ { /* read user input from console with ReadLine */ try { /* POTENTIAL FLAW: Read data from the console using ReadLine */ data = Console.ReadLine(); } catch (IOException exceptIO) { IO.Logger.Log(NLog.LogLevel.Warn, exceptIO, "Error with stream reading"); } } /* FIX: Hash data before storing in a file */ { string salt = "ThisIsMySalt"; using (SHA512CryptoServiceProvider sha512 = new SHA512CryptoServiceProvider()) { byte[] buffer = Encoding.UTF8.GetBytes(string.Concat(salt, data)); byte[] hashedCredsAsBytes = sha512.ComputeHash(buffer); data = IO.ToHex(hashedCredsAsBytes); } } using (SecureString secureData = new SecureString()) { for (int i = 0; i < data.Length; i++) { secureData.AppendChar(data[i]); } File.WriteAllText(@"C:\Users\Public\WriteText.txt", secureData.ToString()); } }
public string SHA512_Encoding(string s) { try { String strData = ""; byte[] plainTextBytes = Ecd_.GetBytes(s); HashAlgorithm Hash; Hash = new SHA512CryptoServiceProvider(); byte[] hashed = Hash.ComputeHash(plainTextBytes); for (int i = 0; i < hashed.Length; ++i) { strData += string.Format("{0:x2}", hashed[i]); } //MD 5 변환 return(strData); } catch (Exception) { } return(null); }
/* Good1() changes true to false */ private void Good1() { if (false) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ IO.WriteLine("Benign, fixed string"); } else { byte[] hashedBytes; using (SHA512CryptoServiceProvider sha512 = new SHA512CryptoServiceProvider()) { using (RNGCryptoServiceProvider random = new RNGCryptoServiceProvider()) { var salt = new byte[32]; /* FIX: Use a sufficiently random salt */ random.GetNonZeroBytes(salt); byte[] textWithSaltBytes = Encoding.UTF8.GetBytes(string.Concat("hash me", salt)); hashedBytes = sha512.ComputeHash(textWithSaltBytes); } } IO.WriteLine(IO.ToHex(hashedBytes)); } }
/* goodG2B() - use goodsource and badsink */ private static void GoodG2B(HttpRequest req, HttpResponse resp) { string data; using (SecureString securePwd = new SecureString()) { using (SecureString secureUser = new SecureString()) { for (int i = 0; i < "AP@ssw0rd".Length; i++) { /* INCIDENTAL: CWE-798 Use of Hard-coded Credentials */ securePwd.AppendChar("AP@ssw0rd"[i]); } for (int i = 0; i < "user".Length; i++) { /* INCIDENTAL: CWE-798 Use of Hard-coded Credentials */ securePwd.AppendChar("user"[i]); } /* FIX: Set data to a hash of credentials */ { string salt = "ThisIsMySalt"; using (SHA512CryptoServiceProvider sha512 = new SHA512CryptoServiceProvider()) { string credentialsToHash = secureUser.ToString() + ":" + securePwd.ToString(); byte[] buffer = Encoding.UTF8.GetBytes(string.Concat(salt, credentialsToHash)); byte[] hashedCredsAsBytes = sha512.ComputeHash(buffer); data = IO.ToHex(hashedCredsAsBytes); } } } } Container dataContainer = new Container(); dataContainer.containerOne = data; CWE315_Cleartext_Storage_in_Cookie__Web_67b.GoodG2BSink(dataContainer, req, resp); }