/* goodG2B() - use goodsource and badsink */
/// <summary>
/// Sink half of the goodG2B flow: reads the string carried in
/// <paramref name="dataContainer"/>, copies it into a <see cref="SecureString"/>,
/// and writes to a fixed file with no hashing or encryption step.
/// </summary>
/// <param name="dataContainer">Container whose <c>containerOne</c> field holds the value to store.</param>
/// <remarks>
/// NOTE(review): <see cref="SecureString"/> does not override <c>ToString()</c>, so the call
/// below returns the type name ("System.Security.SecureString"), not the characters that were
/// appended. The file therefore receives that literal text. This is reproduced unchanged so the
/// test case keeps its original behaviour; the SecureString copy also gives no protection here
/// because the value already exists as an ordinary managed string.
/// NOTE(review): the target is under C:\Users\Public, which is presumably readable by other
/// local accounts; confirm the ACLs before treating anything written there as private.
/// </remarks>
public static void GoodG2BSink(CWE313_Cleartext_Storage_in_a_File_or_on_Disk__Connect_tcp_67a.Container dataContainer)
{
    const string targetPath = @"C:\Users\Public\WriteText.txt";
    string data = dataContainer.containerOne;

    using (SecureString secureData = new SecureString())
    {
        // Copy the value one character at a time; SecureString has no bulk-append API.
        foreach (char ch in data)
        {
            secureData.AppendChar(ch);
        }

        /* POTENTIAL FLAW: Store data directly in a file */
        string fileContents = secureData.ToString();
        File.WriteAllText(targetPath, fileContents);
    }
}
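/* goodB2G() - use badsource and goodsink */
/// <summary>
/// Sink half of the goodB2G flow: hashes the string carried in
/// <paramref name="dataContainer"/> with a salted SHA-512 and writes the encoded digest
/// to a fixed file, so the original value is never stored.
/// </summary>
/// <param name="dataContainer">Container whose <c>containerOne</c> field holds the value to protect.</param>
/// <remarks>
/// The previous version copied the digest into a <c>SecureString</c> and wrote
/// <c>secureData.ToString()</c>. <c>SecureString</c> does not override <c>ToString()</c>, so the
/// file received the type name instead of the digest. The digest is now written directly; it is
/// not a secret that needs in-memory protection.
/// NOTE(review): the salt is a compile-time constant shared by every record, so equal inputs
/// yield equal digests and precomputed tables remain effective. A single SHA-512 pass is also
/// cheap to brute-force. If the stored value is a credential (the original local name
/// <c>hashedCredsAsBytes</c> suggests it may be), prefer a per-record random salt with a
/// deliberately slow KDF such as PBKDF2. That changes the stored format, so it is flagged here
/// rather than applied.
/// NOTE(review): the target is under C:\Users\Public, which is presumably readable by other
/// local accounts; confirm the ACLs.
/// </remarks>
public static void GoodB2GSink(CWE313_Cleartext_Storage_in_a_File_or_on_Disk__Connect_tcp_67a.Container dataContainer)
{
    string data = dataContainer.containerOne;
    string digestText;

    /* FIX: Hash data before storing in a file */
    {
        string salt = "ThisIsMySalt";
        using (SHA512CryptoServiceProvider sha512 = new SHA512CryptoServiceProvider())
        {
            byte[] buffer = Encoding.UTF8.GetBytes(string.Concat(salt, data));
            byte[] hashedCredsAsBytes = sha512.ComputeHash(buffer);
            // IO.ToHex is a project helper; presumably it hex-encodes the digest bytes.
            digestText = IO.ToHex(hashedCredsAsBytes);
        }
    }

    // Persist the digest itself rather than the ToString() of a wrapper object.
    File.WriteAllText(@"C:\Users\Public\WriteText.txt", digestText);
}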