public override void Bad(HttpRequest req, HttpResponse resp) { string data; data = ""; /* initialize data in case there are no cookies */ /* Read data from cookies */ { HttpCookieCollection cookieSources = req.Cookies; if (cookieSources != null) { /* POTENTIAL FLAW: Read data from the first cookie value */ data = cookieSources[0].Value; } } /* serialize data to a byte array */ byte[] dataSerialized = null; try { BinaryFormatter bf = new BinaryFormatter(); using (var ms = new MemoryStream()) { bf.Serialize(ms, data); dataSerialized = ms.ToArray(); } CWE80_XSS__Web_Get_Cookies_Web_75b.BadSink(dataSerialized, req, resp); } catch (SerializationException exceptSerialize) { IO.Logger.Log(NLog.LogLevel.Warn, "Serialization exception in serialization", exceptSerialize); } }
/* goodG2B() - use goodsource and badsink */ private static void GoodG2B(HttpRequest req, HttpResponse resp) { string data; /* FIX: Use a hardcoded string */ data = "foo"; /* serialize data to a byte array */ byte[] dataSerialized = null; try { BinaryFormatter bf = new BinaryFormatter(); using (var ms = new MemoryStream()) { bf.Serialize(ms, data); dataSerialized = ms.ToArray(); } CWE80_XSS__Web_Get_Cookies_Web_75b.GoodG2BSink(dataSerialized, req, resp); } catch (SerializationException exceptSerialize) { IO.Logger.Log(NLog.LogLevel.Warn, "Serialization exception in serialization", exceptSerialize); } }