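/*
 * Bad() picks one of two sinks at random via IO.StaticReturnsTrueOrFalse().
 * The first branch is the intentional CWE-486 flaw this test case exists to
 * demonstrate and is deliberately left in place; the second branch is the
 * fixed sink.
 */
public override void Bad()
{
    if (IO.StaticReturnsTrueOrFalse())
    {
        /* FLAW: Differentiating by name is not enough, since different classes in different
         * namespaces (or assemblies) may use the same name */
        var helperClass = new testcases.CWE486_Compare_Classes_by_Name.HelperClass.CWE486_Compare_Classes_by_Name__Helper();
        var helperClassRoot = new testcases.CWE486_Compare_Classes_by_Name.CWE486_Compare_Classes_by_Name__Helper();

        /* Type.Name is the simple name without the namespace, so these two distinct
         * types compare as equal here. */
        if (helperClassRoot.GetType().Name.Equals(helperClass.GetType().Name))
        {
            IO.WriteLine("Classes are the same");
        }
        else
        {
            /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
            IO.WriteLine("Classes are different");
        }
    }
    else
    {
        var helperClass = new testcases.CWE486_Compare_Classes_by_Name.HelperClass.CWE486_Compare_Classes_by_Name__Helper();
        var helperClassRoot = new testcases.CWE486_Compare_Classes_by_Name.CWE486_Compare_Classes_by_Name__Helper();

        /* FIX: Compare the class types and not the names. Type identity does not depend on
         * what ToString() returns and also tells apart same-named types that live in
         * different namespaces or assemblies. */
        if (helperClassRoot.GetType() == helperClass.GetType())
        {
            /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
            IO.WriteLine("Classes are the same");
        }
        else
        {
            IO.WriteLine("Classes are different");
        }
    }
}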
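/*
 * Good1() changes the "if" so that both branches use the GoodSink.
 * Whichever way IO.StaticReturnsTrueOrFalse() goes, the two helper objects are
 * compared by their runtime Type, never by a name string.
 */
private void Good1()
{
    if (IO.StaticReturnsTrueOrFalse())
    {
        var helperClass = new testcases.CWE486_Compare_Classes_by_Name.HelperClass.CWE486_Compare_Classes_by_Name__Helper();
        var helperClassRoot = new testcases.CWE486_Compare_Classes_by_Name.CWE486_Compare_Classes_by_Name__Helper();

        /* FIX: Compare the class types and not the names. Type identity does not depend on
         * what ToString() returns and also tells apart same-named types that live in
         * different namespaces or assemblies. */
        if (helperClassRoot.GetType() == helperClass.GetType())
        {
            /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
            IO.WriteLine("Classes are the same");
        }
        else
        {
            IO.WriteLine("Classes are different");
        }
    }
    else
    {
        var helperClass = new testcases.CWE486_Compare_Classes_by_Name.HelperClass.CWE486_Compare_Classes_by_Name__Helper();
        var helperClassRoot = new testcases.CWE486_Compare_Classes_by_Name.CWE486_Compare_Classes_by_Name__Helper();

        /* FIX: Compare the class types and not the names (same check as the branch above). */
        if (helperClassRoot.GetType() == helperClass.GetType())
        {
            /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
            IO.WriteLine("Classes are the same");
        }
        else
        {
            IO.WriteLine("Classes are different");
        }
    }
}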
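/*
 * Good2() reverses the blocks in the switch.
 * The switch is on the constant 7, so only "case 7" (the fixed sink) executes;
 * the default section is there only to keep the control-flow shape.
 */
private void Good2()
{
    switch (7)
    {
        case 7:
            var helperClass = new testcases.CWE486_Compare_Classes_by_Name.HelperClass.CWE486_Compare_Classes_by_Name__Helper();
            var helperClassRoot = new testcases.CWE486_Compare_Classes_by_Name.CWE486_Compare_Classes_by_Name__Helper();

            /* FIX: Compare the class types and not the names. Type identity does not depend on
             * what ToString() returns and also tells apart same-named types that live in
             * different namespaces or assemblies. */
            if (helperClassRoot.GetType() == helperClass.GetType())
            {
                /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
                IO.WriteLine("Classes are the same");
            }
            else
            {
                IO.WriteLine("Classes are different");
            }
            break;

        default:
            /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
            IO.WriteLine("Benign, fixed string");
            break;
    }
}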
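/*
 * Good1() changes IO.STATIC_READONLY_TRUE to IO.STATIC_READONLY_FALSE.
 * The fixed sink sits in the else branch, which is the branch expected to run
 * given the constant's name; the helper objects are compared by runtime Type.
 */
private void Good1()
{
    if (IO.STATIC_READONLY_FALSE)
    {
        /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
        IO.WriteLine("Benign, fixed string");
    }
    else
    {
        var helperClass = new testcases.CWE486_Compare_Classes_by_Name.HelperClass.CWE486_Compare_Classes_by_Name__Helper();
        var helperClassRoot = new testcases.CWE486_Compare_Classes_by_Name.CWE486_Compare_Classes_by_Name__Helper();

        /* FIX: Compare the class types and not the names. Type identity does not depend on
         * what ToString() returns and also tells apart same-named types that live in
         * different namespaces or assemblies. */
        if (helperClassRoot.GetType() == helperClass.GetType())
        {
            /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
            IO.WriteLine("Classes are the same");
        }
        else
        {
            IO.WriteLine("Classes are different");
        }
    }
}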