/* goodG2B() - use goodsource and badsink */ private static void GoodG2B(HttpRequest req, HttpResponse resp) { string data = CWE313_Cleartext_Storage_in_a_File_or_on_Disk__Get_Cookies_Web_61b.GoodG2BSource(req, resp); using (SecureString secureData = new SecureString()) { for (int i = 0; i < data.Length; i++) { secureData.AppendChar(data[i]); } /* POTENTIAL FLAW: Store data directly in a file */ File.WriteAllText(@"C:\Users\Public\WriteText.txt", secureData.ToString()); } }
/* goodB2G() - use badsource and goodsink */ private static void GoodB2G(HttpRequest req, HttpResponse resp) { string data = CWE313_Cleartext_Storage_in_a_File_or_on_Disk__Get_Cookies_Web_61b.GoodB2GSource(req, resp); /* FIX: Hash data before storing in a file */ { string salt = "ThisIsMySalt"; using (SHA512CryptoServiceProvider sha512 = new SHA512CryptoServiceProvider()) { byte[] buffer = Encoding.UTF8.GetBytes(string.Concat(salt, data)); byte[] hashedCredsAsBytes = sha512.ComputeHash(buffer); data = IO.ToHex(hashedCredsAsBytes); } } using (SecureString secureData = new SecureString()) { for (int i = 0; i < data.Length; i++) { secureData.AppendChar(data[i]); } File.WriteAllText(@"C:\Users\Public\WriteText.txt", secureData.ToString()); } }