/* goodB2G() - use badsource and goodsink */ private void GoodB2G() { string password; password = ""; /* init password */ /* retrieve the password */ try { password = Encoding.UTF8.GetString(File.ReadAllBytes("../../../common/strong_password_file.txt")); } catch (IOException exceptIO) { IO.Logger.Log(NLog.LogLevel.Warn, "Error with file reading", exceptIO); } /* POTENTIAL FLAW: The raw password read from the .txt file is passed on (without being decrypted) */ CWE256_Unprotected_Storage_of_Credentials__basic_51b.GoodB2GSink(password); }