/* goodG2B() - use goodsource and badsink.
 * The value comes from GoodG2BSource() in the companion _61b class, which is not
 * visible here (presumably a fixed, trusted string - confirm in that file).
 * The sink is deliberately left unsafe: this variant is "good" only because of
 * where its data comes from, not because of how the data is printed. */
private static void GoodG2B()
{
    string text = CWE134_Externally_Controlled_Format_String__Environment_console_interpolation_61b.GoodG2BSource();
    if (text == null)
    {
        return;
    }

    /* POTENTIAL FLAW: uncontrolled string formatting.
     * The value is used as the format string itself and no arguments are
     * supplied, so a format item or an unbalanced brace in it makes
     * string.Format throw FormatException. */
    string rendered = string.Format(text);
    Console.Write(rendered);
}
/* goodB2G() - use badsource and goodsink.
 * The value comes from GoodB2GSource() in the companion _61b class, which is not
 * visible here (per the class name it presumably reads an environment variable -
 * confirm in that file), so it is treated as untrusted. */
private static void GoodB2G()
{
    string text = CWE134_Externally_Controlled_Format_String__Environment_console_interpolation_61b.GoodB2GSource();
    if (text == null)
    {
        return;
    }

    /* FIX: explicitly defined string formatting.
     * The format string is a compile-time constant and the untrusted value is
     * passed only as an argument, so braces inside it are written literally
     * and are never parsed as format items. */
    Console.Write("{0}{1}", text, Environment.NewLine);
}
/* bad() - use badsource and badsink.
 * The value comes from BadSource() in the companion _61b class, which is not
 * visible here (per the class name it presumably reads an environment variable -
 * confirm in that file). This is the intentionally vulnerable variant of the
 * test case; the sink below must stay as it is. */
public override void Bad()
{
    string text = CWE134_Externally_Controlled_Format_String__Environment_console_interpolation_61b.BadSource();
    if (text == null)
    {
        return;
    }

    /* POTENTIAL FLAW: uncontrolled string formatting.
     * Externally supplied text becomes the format string. With no arguments
     * supplied, a format item or an unbalanced brace in it makes string.Format
     * throw FormatException, which nothing in this method catches. */
    string rendered = string.Format(text);
    Console.Write(rendered);
}