/* goodG2B() - use goodsource and badsink */ private static void GoodG2B(HttpRequest req, HttpResponse resp) { int count = CWE400_Uncontrolled_Resource_Consumption__Params_Get_Web_for_loop_61b.GoodG2BSource(req, resp); int i = 0; /* POTENTIAL FLAW: For loop using count as the loop variant and no validation */ for (i = 0; i < count; i++) { IO.WriteLine("Hello"); } }
/* goodB2G() - use badsource and goodsink */ private static void GoodB2G(HttpRequest req, HttpResponse resp) { int count = CWE400_Uncontrolled_Resource_Consumption__Params_Get_Web_for_loop_61b.GoodB2GSource(req, resp); int i = 0; /* FIX: Validate count before using it as the for loop variant */ if (count > 0 && count <= 20) { for (i = 0; i < count; i++) { IO.WriteLine("Hello"); } } }