/* goodG2B() - use GoodSource and BadSink.
 * Builds a dictionary whose keys 0, 1 and 2 all map to the same harmless literal
 * and passes it to GoodG2BSink in the 74b class. */
private static void GoodG2B()
{
    /* FIX: Use a regular string (non-sensitive string) */
    string data = "Hello World";

    Dictionary<int, string> dataDictionary = new Dictionary<int, string>();
    for (int key = 0; key <= 2; key++)
    {
        /* Every slot carries the same value, matching the three Add calls of the template. */
        dataDictionary.Add(key, data);
    }

    CWE319_Cleartext_Tx_Sensitive_Info__send_74b.GoodG2BSink(dataDictionary);
}
/* goodB2G() - use BadSource and GoodSink.
 * Fills a SecureString from a hard-coded literal, converts it with ToString(),
 * stores the result under keys 0, 1 and 2 and passes the dictionary to
 * GoodB2GSink in the 74b class. */
private static void GoodB2G()
{
    string data;
    using (SecureString securePwd = new SecureString())
    {
        /* INCIDENTAL: CWE-798 Use of Hard-coded Credentials */
        foreach (char passwordChar in "AP@ssw0rd")
        {
            securePwd.AppendChar(passwordChar);
        }

        /* POTENTIAL FLAW: Set data to be a password, which can be transmitted over a non-secure
         * channel in the sink */
        /* NOTE(review): SecureString does not override ToString(), so this call yields the type
         * name rather than the appended characters. The test case still treats data as the
         * sensitive value; real code that copies a SecureString into a managed string gives up
         * the protection SecureString is meant to provide. */
        data = securePwd.ToString();
    }

    Dictionary<int, string> dataDictionary = new Dictionary<int, string>
    {
        { 0, data },
        { 1, data },
        { 2, data }
    };

    CWE319_Cleartext_Tx_Sensitive_Info__send_74b.GoodB2GSink(dataDictionary);
}