public override void Bad(HttpRequest req, HttpResponse resp) { string data; data = ""; /* initialize data in case id is not in query string */ /* POTENTIAL FLAW: Parse id param out of the URL querystring (without using getParameter()) */ { if (req.QueryString["id"] != null) { data = req.QueryString["id"]; } } /* serialize data to a byte array */ byte[] dataSerialized = null; try { BinaryFormatter bf = new BinaryFormatter(); using (var ms = new MemoryStream()) { bf.Serialize(ms, data); dataSerialized = ms.ToArray(); } CWE78_OS_Command_Injection__QueryString_Web_75b.BadSink(dataSerialized, req, resp); } catch (SerializationException exceptSerialize) { IO.Logger.Log(NLog.LogLevel.Warn, "Serialization exception in serialization", exceptSerialize); } }
/* goodG2B() - use goodsource and badsink */ private static void GoodG2B(HttpRequest req, HttpResponse resp) { string data; /* FIX: Use a hardcoded string */ data = "foo"; /* serialize data to a byte array */ byte[] dataSerialized = null; try { BinaryFormatter bf = new BinaryFormatter(); using (var ms = new MemoryStream()) { bf.Serialize(ms, data); dataSerialized = ms.ToArray(); } CWE78_OS_Command_Injection__QueryString_Web_75b.GoodG2BSink(dataSerialized, req, resp); } catch (SerializationException exceptSerialize) { IO.Logger.Log(NLog.LogLevel.Warn, "Serialization exception in serialization", exceptSerialize); } }