/* goodG2B() - use goodsource and badsink */
private static void GoodG2B()
{
    // The count comes from the "good" source; this variant relies entirely on that
    // source, because the sink below never bounds the value it is handed.
    string data = CWE606_Unchecked_Loop_Condition__NetClient_61b.GoodG2BSource();

    // Fallback iteration count, kept when the response is not numeric.
    int numberOfLoops = 1;
    try
    {
        // NOTE(review): int.Parse uses the current culture and can also throw
        // OverflowException for out-of-range digits; only FormatException is handled here.
        numberOfLoops = int.Parse(data);
    }
    catch (FormatException parseError)
    {
        const string message = "Invalid response. Numeric input expected. Assuming 1.";
        IO.WriteLine(message);
        IO.Logger.Log(NLog.LogLevel.Warn, parseError, message);
    }

    /* POTENTIAL FLAW: user supplied input used for loop counter test */
    // No range check on numberOfLoops: a large external value drives the loop
    // directly (CWE-606). Iterations run numberOfLoops times for positive values, else none.
    int remaining = numberOfLoops;
    while (remaining > 0)
    {
        IO.WriteLine("hello world");
        remaining--;
    }
}
/* goodB2G() - use badsource and goodsink */
private static void GoodB2G()
{
    // The count comes from the "bad" (untrusted) source; safety here depends on the
    // sink validating the range before it is used as a loop bound.
    string data = CWE606_Unchecked_Loop_Condition__NetClient_61b.GoodB2GSource();

    // Fallback iteration count, kept when the response is not numeric.
    int numberOfLoops = 1;
    try
    {
        // NOTE(review): int.Parse uses the current culture and can also throw
        // OverflowException for out-of-range digits; only FormatException is handled here.
        numberOfLoops = int.Parse(data);
    }
    catch (FormatException parseError)
    {
        const string message = "Invalid response. Numeric input expected. Assuming 1.";
        IO.WriteLine(message);
        IO.Logger.Log(NLog.LogLevel.Warn, parseError, message);
    }

    /* FIX: loop number thresholds validated */
    // The inclusive 0..5 window caps what an external value can make the loop do;
    // anything outside it is rejected without iterating.
    bool withinBounds = numberOfLoops >= 0 && numberOfLoops <= 5;
    if (!withinBounds)
    {
        return;
    }

    int remaining = numberOfLoops;
    while (remaining > 0)
    {
        IO.WriteLine("hello world");
        remaining--;
    }
}