/* goodB2G() - use badsource and goodsink */ private static void GoodB2G(HttpRequest req, HttpResponse resp) { int data = CWE129_Improper_Validation_of_Array_Index__Get_Cookies_Web_array_read_check_min_61b.GoodB2GSource(req, resp); /* Need to ensure that the array is of size > 3 and < 101 due to the GoodSource and the large_fixed BadSource */ int[] array = { 0, 1, 2, 3, 4 }; /* FIX: Fully verify data before reading from array at location data */ if (data >= 0 && data < array.Length) { IO.WriteLine(array[data]); } else { IO.WriteLine("Array index out of bounds"); } }
/* goodG2B() - use goodsource and badsink */ private static void GoodG2B(HttpRequest req, HttpResponse resp) { int data = CWE129_Improper_Validation_of_Array_Index__Get_Cookies_Web_array_read_check_min_61b.GoodG2BSource(req, resp); /* Need to ensure that the array is of size > 3 and < 101 due to the GoodSource and the large_fixed BadSource */ int[] array = { 0, 1, 2, 3, 4 }; /* POTENTIAL FLAW: Verify that data >= 0, but don't verify that data < array.Length, so may be attempting to read out of the array bounds */ if (data >= 0) { IO.WriteLine(array[data]); } else { IO.WriteLine("Array index out of bounds"); } }