/* goodG2B() - use goodsource and badsink */ private static void GoodG2B(HttpRequest req, HttpResponse resp) { string data; /* FIX: Use a hardcoded string */ data = "foo"; string[] dataArray = new string[5]; dataArray[2] = data; CWE90_LDAP_Injection__Get_Cookies_Web_66b.GoodG2BSink(dataArray, req, resp); }
public override void Bad(HttpRequest req, HttpResponse resp) { string data; data = ""; /* initialize data in case there are no cookies */ /* Read data from cookies */ { HttpCookieCollection cookieSources = req.Cookies; if (cookieSources != null) { /* POTENTIAL FLAW: Read data from the first cookie value */ data = cookieSources[0].Value; } } string[] dataArray = new string[5]; dataArray[2] = data; CWE90_LDAP_Injection__Get_Cookies_Web_66b.BadSink(dataArray, req, resp); }