/* good2() reverses the bodies in the if statement */
static void good2()
{
if(staticFive==5)
{
{
wchar_t * password = (wchar_t *)malloc(100*sizeof(wchar_t));
size_t passwordLen = 0;
HANDLE hUser;
wchar_t * username = L"User";
wchar_t * domain = L"Domain";
/* Initialize password */
password[0] = L'\0';
if (fgetws(password, 100, stdin) == NULL)
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
password[0] = L'\0';
}
/* Remove the carriage return from the string that is inserted by fgetws() */
passwordLen = wcslen(password);
if (passwordLen > 0)
{
password[passwordLen-1] = L'\0';
}
/* Use the password in LogonUser() to establish that it is "sensitive" */
if (LogonUserW(
username,
domain,
password,
LOGON32_LOGON_NETWORK,
LOGON32_PROVIDER_DEFAULT,
&hUser) != 0)
{
printLine("User logged in successfully.");
CloseHandle(hUser);
}
else
{
printLine("Unable to login.");
}
passwordLen = wcslen(password);
/* FIX: Clear password prior to freeing */
SecureZeroMemory(password, passwordLen * sizeof(wchar_t));
free(password);
}
}
}
void Trace::process(bool doBasicBlocks)
{
// Decide what kind of trace file it is
FILE *fin = fopen(this->tracefile, "r");
if (fin == 0)
{
throw wxString(wxT("Could not open trace file"));
}
wchar_t linew[LINELEN] = {0};
char line[LINELEN] = {0};
fgetws(linew, sizeof(linew), fin);
fseek(fin, 0, 0);
fgets(line, sizeof(line), fin);
fclose(fin);
// The first line of the file determines the type of trace
// Validate it before proceeding
if ( (wcsstr(linew, L"vera_trace_version=0.1") == linew) )
processVeraPin(doBasicBlocks);
else if ( wcsstr(linew, L"After init") == linew )
processEther(doBasicBlocks);
else
{
// Check to make sure it isn't an Ether trace file without the header.
char *colPos = strchr(line, ':');
size_t colLen = ((size_t) colPos) - ((size_t) line);
if (colPos && colLen > 0 && isHexString(line, colLen) )
{
processEther(doBasicBlocks);
}
else
{
throw wxString(wxT("Unrecognized trace file %s (unrecognized format)"));
}
}
if (bblMap.size() <= 1 || edgeMap.size() <= 1) // Error
{
throw wxString(wxT("Could not parse trace file (bad format)"));
}
}
/* goodB2G2() - use badsource and goodsink by reversing statements in if */
static void goodB2G2()
{
wchar_t * data;
data = (wchar_t *)malloc(100*sizeof(wchar_t));
data[0] = L'\0';
{
/* Read input from the console */
size_t dataLen = wcslen(data);
/* if there is room in data, read into it from the console */
if (100-dataLen > 1)
{
/* POTENTIAL FLAW: Read data from the console */
if (fgetws(data+dataLen, (int)(100-dataLen), stdin) != NULL)
{
/* The next few lines remove the carriage return from the string that is
* inserted by fgetws() */
dataLen = wcslen(data);
if (dataLen > 0 && data[dataLen-1] == L'\n')
{
data[dataLen-1] = L'\0';
}
}
else
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
data[dataLen] = L'\0';
}
}
}
if(STATIC_CONST_FIVE==5)
{
{
size_t i;
/* FIX: Use a loop variable to traverse through the string pointed to by data */
for (i=0; i < wcslen(data); i++)
{
if (data[i] == SEARCH_CHAR)
{
printLine("We have a match!");
break;
}
}
free(data);
}
}
}
void bad()
{
wchar_t * data;
wchar_t dataBuffer[FILENAME_MAX] = BASEPATH;
data = dataBuffer;
{
/* Read input from the console */
size_t dataLen = wcslen(data);
/* if there is room in data, read into it from the console */
if (FILENAME_MAX-dataLen > 1)
{
/* POTENTIAL FLAW: Read data from the console */
if (fgetws(data+dataLen, (int)(FILENAME_MAX-dataLen), stdin) != NULL)
{
/* The next few lines remove the carriage return from the string that is
* inserted by fgetws() */
dataLen = wcslen(data);
if (dataLen > 0 && data[dataLen-1] == L'\n')
{
data[dataLen-1] = L'\0';
}
}
else
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
data[dataLen] = L'\0';
}
}
}
{
HANDLE hFile;
/* POTENTIAL FLAW: Possibly creating and opening a file without validating the file name or path */
hFile = CreateFileW(data,
(GENERIC_WRITE|GENERIC_READ),
0,
NULL,
OPEN_ALWAYS,
FILE_ATTRIBUTE_NORMAL,
NULL);
if (hFile != INVALID_HANDLE_VALUE)
{
CloseHandle(hFile);
}
}
}
void CWE244_Heap_Inspection__w32_wchar_t_free_13_bad()
{
if(GLOBAL_CONST_FIVE==5)
{
{
wchar_t * password = (wchar_t *)malloc(100*sizeof(wchar_t));
if (password == NULL) {exit(-1);}
size_t passwordLen = 0;
HANDLE hUser;
wchar_t * username = L"User";
wchar_t * domain = L"Domain";
/* Initialize password */
password[0] = L'\0';
if (fgetws(password, 100, stdin) == NULL)
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
password[0] = L'\0';
}
/* Remove the carriage return from the string that is inserted by fgetws() */
passwordLen = wcslen(password);
if (passwordLen > 0)
{
password[passwordLen-1] = L'\0';
}
/* Use the password in LogonUser() to establish that it is "sensitive" */
if (LogonUserW(
username,
domain,
password,
LOGON32_LOGON_NETWORK,
LOGON32_PROVIDER_DEFAULT,
&hUser) != 0)
{
printLine("User logged in successfully.");
CloseHandle(hUser);
}
else
{
printLine("Unable to login.");
}
/* FLAW: free() password without clearing the password buffer */
free(password);
}
}
}
void CWE114_Process_Control__w32_wchar_t_file_16_bad()
{
wchar_t * data;
wchar_t dataBuffer[100] = L"";
data = dataBuffer;
while(1)
{
{
/* Read input from a file */
size_t dataLen = wcslen(data);
FILE * pFile;
/* if there is room in data, attempt to read the input from a file */
if (100-dataLen > 1)
{
pFile = fopen(FILENAME, "r");
if (pFile != NULL)
{
/* POTENTIAL FLAW: Read data from a file */
if (fgetws(data+dataLen, (int)(100-dataLen), pFile) == NULL)
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
data[dataLen] = L'\0';
}
fclose(pFile);
}
}
}
break;
}
{
HMODULE hModule;
/* POTENTIAL FLAW: If the path to the library is not specified, an attacker may be able to
* replace his own file with the intended library */
hModule = LoadLibraryW(data);
if (hModule != NULL)
{
FreeLibrary(hModule);
printLine("Library loaded and freed successfully");
}
else
{
printLine("Unable to load library");
}
}
}
/* goodG2B2() - use goodsource and badsink by reversing the blocks in the if statement */
static void goodG2B2()
{
wchar_t * password;
wchar_t passwordBuffer[100] = L"";
password = passwordBuffer;
if(STATIC_CONST_TRUE)
{
{
size_t passwordLen = 0;
/* FIX: Read the password from the console */
if (fgetws(password, 100, stdin) == NULL)
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
password[0] = L'\0';
}
/* Remove the carriage return from the string that is inserted by fgetws() */
passwordLen = wcslen(password);
if (passwordLen > 0)
{
password[passwordLen-1] = L'\0';
}
}
}
{
HANDLE pHandle;
wchar_t * username = L"User";
wchar_t * domain = L"Domain";
/* POTENTIAL FLAW: Attempt to login user with password from the source (which may be hardcoded) */
if (LogonUserW(
username,
domain,
password,
LOGON32_LOGON_NETWORK,
LOGON32_PROVIDER_DEFAULT,
&pHandle) != 0)
{
printLine("User logged in successfully.");
CloseHandle(pHandle);
}
else
{
printLine("Unable to login.");
}
}
}
void CWE134_Uncontrolled_Format_String__wchar_t_file_w32_vsnprintf_15_bad()
{
wchar_t * data;
wchar_t dataBuffer[100] = L"";
data = dataBuffer;
switch(6)
{
case 6:
{
/* Read input from a file */
size_t dataLen = wcslen(data);
FILE * pFile;
/* if there is room in data, attempt to read the input from a file */
if (100-dataLen > 1)
{
pFile = fopen(FILENAME, "r");
if (pFile != NULL)
{
/* POTENTIAL FLAW: Read data from a file */
if (fgetws(data+dataLen, (int)(100-dataLen), pFile) == NULL)
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
data[dataLen] = L'\0';
}
fclose(pFile);
}
}
}
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
break;
}
switch(7)
{
case 7:
badVaSinkB(data, data);
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
break;
}
}
int SimpleLoader::Load(const wchar_t *filename, ifc_playlistloadercallback *playlist)
{
FILE *simpleFile = _wfopen(filename, L"rt");
if (simpleFile)
{
wchar_t nextFile[1024];
while (!feof(simpleFile))
{
if (fgetws(nextFile, 1024, simpleFile))
playlist->OnFile(nextFile, 0, -1, 0);
}
return IFC_PLAYLISTLOADER_SUCCESS;
}
return IFC_PLAYLISTLOADER_FAILED;
}
void CWE78_OS_Command_Injection__wchar_t_console_w32_execv_32_bad()
{
wchar_t * data;
wchar_t * *dataPtr1 = &data;
wchar_t * *dataPtr2 = &data;
wchar_t dataBuffer[100] = L"";
data = dataBuffer;
{
wchar_t * data = *dataPtr1;
{
/* Read input from the console */
size_t dataLen = wcslen(data);
/* if there is room in data, read into it from the console */
if (100-dataLen > 1)
{
/* POTENTIAL FLAW: Read data from the console */
if (fgetws(data+dataLen, (int)(100-dataLen), stdin) != NULL)
{
/* The next few lines remove the carriage return from the string that is
* inserted by fgetws() */
dataLen = wcslen(data);
if (dataLen > 0 && data[dataLen-1] == L'\n')
{
data[dataLen-1] = L'\0';
}
}
else
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
data[dataLen] = L'\0';
}
}
}
*dataPtr1 = data;
}
{
wchar_t * data = *dataPtr2;
{
wchar_t *args[] = {COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL};
/* wexecv - specify the path where the command is located */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
EXECV(COMMAND_INT_PATH, args);
}
}
}
void bad()
{
int i;
wchar_t * data;
wchar_t dataBuffer[FILENAME_MAX] = L"";
data = dataBuffer;
for(i = 0; i < 1; i++)
{
{
/* Read input from a file */
size_t dataLen = wcslen(data);
FILE * pFile;
/* if there is room in data, attempt to read the input from a file */
if (FILENAME_MAX-dataLen > 1)
{
pFile = fopen(FILENAME, "r");
if (pFile != NULL)
{
/* POTENTIAL FLAW: Read data from a file */
if (fgetws(data+dataLen, (int)(FILENAME_MAX-dataLen), pFile) == NULL)
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
data[dataLen] = L'\0';
}
fclose(pFile);
}
}
}
}
{
HANDLE hFile;
/* POTENTIAL FLAW: Possibly creating and opening a file without validating the file name or path */
hFile = CreateFileW(data,
(GENERIC_WRITE|GENERIC_READ),
0,
NULL,
OPEN_ALWAYS,
FILE_ATTRIBUTE_NORMAL,
NULL);
if (hFile != INVALID_HANDLE_VALUE)
{
CloseHandle(hFile);
}
}
}
void bad()
{
wchar_t * data;
wchar_t dataBuffer[FILENAME_MAX] = BASEPATH;
data = dataBuffer;
if(globalReturnsTrueOrFalse())
{
{
/* Read input from the console */
size_t dataLen = wcslen(data);
/* if there is room in data, read into it from the console */
if (FILENAME_MAX-dataLen > 1)
{
/* POTENTIAL FLAW: Read data from the console */
if (fgetws(data+dataLen, (int)(FILENAME_MAX-dataLen), stdin) != NULL)
{
/* The next few lines remove the carriage return from the string that is
* inserted by fgetws() */
dataLen = wcslen(data);
if (dataLen > 0 && data[dataLen-1] == L'\n')
{
data[dataLen-1] = L'\0';
}
}
else
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
data[dataLen] = L'\0';
}
}
}
}
else
{
/* FIX: Use a fixed file name */
wcscat(data, L"file.txt");
}
{
ifstream inputFile;
/* POTENTIAL FLAW: Possibly opening a file without validating the file name or path */
inputFile.open((char *)data);
inputFile.close();
}
}
void CWE226_Sensitive_Information_Uncleared_Before_Release__w32_wchar_t_alloca_16_bad()
{
while(1)
{
{
wchar_t * password = (wchar_t *)ALLOCA(100*sizeof(wchar_t));
size_t passwordLen = 0;
HANDLE hUser;
wchar_t * username = L"User";
wchar_t * domain = L"Domain";
/* Initialize password */
password[0] = L'\0';
if (fgetws(password, 100, stdin) == NULL)
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
password[0] = L'\0';
}
/* Remove the carriage return from the string that is inserted by fgetws() */
passwordLen = wcslen(password);
if (passwordLen > 0)
{
password[passwordLen-1] = L'\0';
}
/* Use the password in LogonUser() to establish that it is "sensitive" */
if (LogonUserW(
username,
domain,
password,
LOGON32_LOGON_NETWORK,
LOGON32_PROVIDER_DEFAULT,
&hUser) != 0)
{
printLine("User logged in successfully.");
CloseHandle(hUser);
}
else
{
printLine("Unable to login.");
}
/* FLAW: Release password from the stack without first clearing the buffer */
}
break;
}
}
void CWE761_Free_Pointer_Not_at_Start_of_Buffer__wchar_t_console_06_bad()
{
wchar_t * data;
data = (wchar_t *)malloc(100*sizeof(wchar_t));
data[0] = L'\0';
{
/* Read input from the console */
size_t dataLen = wcslen(data);
/* if there is room in data, read into it from the console */
if (100-dataLen > 1)
{
/* POTENTIAL FLAW: Read data from the console */
if (fgetws(data+dataLen, (int)(100-dataLen), stdin) != NULL)
{
/* The next few lines remove the carriage return from the string that is
* inserted by fgetws() */
dataLen = wcslen(data);
if (dataLen > 0 && data[dataLen-1] == L'\n')
{
data[dataLen-1] = L'\0';
}
}
else
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
data[dataLen] = L'\0';
}
}
}
if(STATIC_CONST_FIVE==5)
{
/* FLAW: We are incrementing the pointer in the loop - this will cause us to free the
* memory block not at the start of the buffer */
for (; *data != L'\0'; data++)
{
if (*data == SEARCH_CHAR)
{
printLine("We have a match!");
break;
}
}
free(data);
}
}
void CWE78_OS_Command_Injection__wchar_t_file_popen_15_bad()
{
wchar_t * data;
wchar_t data_buf[100] = FULL_COMMAND;
data = data_buf;
switch(6)
{
case 6:
{
/* Read input from a file */
size_t dataLen = wcslen(data);
FILE * pFile;
/* if there is room in data, attempt to read the input from a file */
if (100-dataLen > 1)
{
pFile = fopen(FILENAME, "r");
if (pFile != NULL)
{
/* POTENTIAL FLAW: Read data from a file */
if (fgetws(data+dataLen, (int)(100-dataLen), pFile) == NULL)
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
data[dataLen] = L'\0';
}
fclose(pFile);
}
}
}
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
break;
}
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, L"wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
//search for all words given in file_name and save results to output_file_name
void search_words(TREE_NODE *root, char * file_name, char * output_file_name){
FILE *file, *output_file;
file = fopen(file_name,"r");
output_file = fopen(output_file_name,"w");
if(!file){
printf("arquivo de entrada invalido\n");
return;
}
if(!output_file){
printf("arquivo de saida invalido\n");
return;
}
wchar_t line [ 10000 ];
wchar_t *result = malloc(sizeof(wchar_t) * 10000);
//start benchmark
double start_time, end_time, time_elapsed;
start_time = (double)clock();
while ( fgetws ( line, sizeof line, file ) != NULL ){//read line by line
if(line[wcslen(line) -1] == '\n') line[wcslen(line) -1] = '\0';//remove new line char
if(line[wcslen(line) -1] == ' ') line[wcslen(line) -1] = '\0';
W_TOKEN *token = malloc(sizeof(W_TOKEN));
str_to_lower(line);
token->word = line;
search_word(root, token, result);
fwprintf(output_file, L"%ls",result);
fputws ( result, stdout );
}
end_time = (double)clock();
time_elapsed = ( end_time - start_time )/CLOCKS_PER_SEC;
//end benchmark
fwprintf(output_file, L"%s","\n");
fwprintf(output_file, L"O tempo gasto na busca foi de %fms.\n", time_elapsed*1000);
printf("\n");
printf("O tempo gasto na busca foi de %fms.\n", time_elapsed*1000);
fclose(file);
fclose(output_file);
}
void bad()
{
wchar_t * data;
wchar_t * *dataPtr1 = &data;
wchar_t * *dataPtr2 = &data;
wchar_t dataBuffer[FILENAME_MAX] = L"";
data = dataBuffer;
{
wchar_t * data = *dataPtr1;
{
/* Read input from a file */
size_t dataLen = wcslen(data);
FILE * pFile;
/* if there is room in data, attempt to read the input from a file */
if (FILENAME_MAX-dataLen > 1)
{
pFile = fopen(FILENAME, "r");
if (pFile != NULL)
{
/* POTENTIAL FLAW: Read data from a file */
if (fgetws(data+dataLen, (int)(FILENAME_MAX-dataLen), pFile) == NULL)
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
data[dataLen] = L'\0';
}
fclose(pFile);
}
}
}
*dataPtr1 = data;
}
{
wchar_t * data = *dataPtr2;
{
FILE *pFile = NULL;
/* POTENTIAL FLAW: Possibly opening a file without validating the file name or path */
pFile = FOPEN(data, L"wb+");
if (pFile != NULL)
{
fclose(pFile);
}
}
}
}
int
main (
int argc,
char * * argv ) {
wchar_t sz[100];
char * psz = "No Name";
setlocale(LC_ALL, "");
if (argc >= 2) {
psz = argv[1];
}
fprintf(stderr, "[%s] Standard In Begin\n", psz);
while (fgetws(sz, sizeof (sz) / sizeof (wchar_t), stdin)) {
fprintf(stderr, "[%s] %ls", psz, sz);
}
fprintf(stderr, "[%s] Standard In End\n", psz);
fprintf(stderr, "[%s] Standard Error\n", psz);
return (0);
}
void CWE390_Error_Without_Action__fgets_wchar_t_18_bad()
{
goto sink;
sink:
{
/* By initializing dataBuffer, we ensure this will not be the
* CWE 690 (Unchecked Return Value To NULL Pointer) flaw for fgetws() */
wchar_t dataBuffer[100] = L"";
wchar_t * data = dataBuffer;
printWLine(L"Please enter a string: ");
/* FLAW: check the return value, but do nothing if there is an error */
if (fgetws(data, 100, stdin) == NULL)
{
/* do nothing */
}
printWLine(data);
}
}
void CWE78_OS_Command_Injection__wchar_t_console_popen_16_bad()
{
wchar_t * data;
wchar_t data_buf[100] = FULL_COMMAND;
data = data_buf;
while(1)
{
{
/* Read input from the console */
size_t dataLen = wcslen(data);
/* if there is room in data, read into it from the console */
if (100-dataLen > 1)
{
/* POTENTIAL FLAW: Read data from the console */
if (fgetws(data+dataLen, (int)(100-dataLen), stdin) != NULL)
{
/* The next few lines remove the carriage return from the string that is
* inserted by fgetws() */
dataLen = wcslen(data);
if (dataLen > 0 && data[dataLen-1] == L'\n')
{
data[dataLen-1] = L'\0';
}
}
else
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
data[dataLen] = L'\0';
}
}
}
break;
}
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, L"wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
/* good1() uses the GoodSinkBody in the for statements */
static void good1()
{
int k;
for(k = 0; k < 1; k++)
{
{
wchar_t password[100] = L"";
size_t passwordLen = 0;
HANDLE pHandle;
wchar_t * username = L"User";
wchar_t * domain = L"Domain";
if (fgetws(password, 100, stdin) == NULL)
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
password[0] = L'\0';
}
/* Remove the carriage return from the string that is inserted by fgetws() */
passwordLen = wcslen(password);
if (passwordLen > 0)
{
password[passwordLen-1] = L'\0';
}
/* Use the password in LogonUser() to establish that it is "sensitive" */
if (LogonUserW(
username,
domain,
password,
LOGON32_LOGON_NETWORK,
LOGON32_PROVIDER_DEFAULT,
&pHandle) != 0)
{
printLine("User logged in successfully.");
CloseHandle(pHandle);
}
else
{
printLine("Unable to login.");
}
/* FIX: Do not write sensitive data to stderr */
fwprintf(stderr, L"User attempted access\n");
}
}
}
void bad()
{
int i;
wchar_t * data;
wchar_t dataBuffer[FILENAME_MAX] = L"";
data = dataBuffer;
for(i = 0; i < 1; i++)
{
{
/* Read input from the console */
size_t dataLen = wcslen(data);
/* if there is room in data, read into it from the console */
if (FILENAME_MAX-dataLen > 1)
{
/* POTENTIAL FLAW: Read data from the console */
if (fgetws(data+dataLen, (int)(FILENAME_MAX-dataLen), stdin) != NULL)
{
/* The next few lines remove the carriage return from the string that is
* inserted by fgetws() */
dataLen = wcslen(data);
if (dataLen > 0 && data[dataLen-1] == L'\n')
{
data[dataLen-1] = L'\0';
}
}
else
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
data[dataLen] = L'\0';
}
}
}
}
{
int fileDesc;
/* POTENTIAL FLAW: Possibly opening a file without validating the file name or path */
fileDesc = OPEN(data, O_RDWR|O_CREAT, S_IREAD|S_IWRITE);
if (fileDesc != -1)
{
CLOSE(fileDesc);
}
}
}
void CWE78_OS_Command_Injection__wchar_t_console_execlp_15_bad()
{
wchar_t * data;
wchar_t dataBuffer[100] = L"";
data = dataBuffer;
switch(6)
{
case 6:
{
/* Read input from the console */
size_t dataLen = wcslen(data);
/* if there is room in data, read into it from the console */
if (100-dataLen > 1)
{
/* POTENTIAL FLAW: Read data from the console */
if (fgetws(data+dataLen, (int)(100-dataLen), stdin) != NULL)
{
/* The next few lines remove the carriage return from the string that is
* inserted by fgetws() */
dataLen = wcslen(data);
if (dataLen > 0 && data[dataLen-1] == L'\n')
{
data[dataLen-1] = L'\0';
}
}
else
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
data[dataLen] = L'\0';
}
}
}
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
break;
}
/* wexeclp - searches for the location of the command among
* the directories specified by the PATH environment variable */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
EXECLP(COMMAND_INT, COMMAND_INT, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL);
}
/* goodB2G1() - use badsource and goodsink by changing the second GLOBAL_CONST_TRUE to GLOBAL_CONST_FALSE */
static void goodB2G1()
{
wchar_t * data;
wchar_t dataBuffer[100] = L"";
data = dataBuffer;
if(GLOBAL_CONST_TRUE)
{
{
/* Read input from the console */
size_t dataLen = wcslen(data);
/* if there is room in data, read into it from the console */
if (100-dataLen > 1)
{
/* POTENTIAL FLAW: Read data from the console */
if (fgetws(data+dataLen, (int)(100-dataLen), stdin) != NULL)
{
/* The next few lines remove the carriage return from the string that is
* inserted by fgetws() */
dataLen = wcslen(data);
if (dataLen > 0 && data[dataLen-1] == L'\n')
{
data[dataLen-1] = L'\0';
}
}
else
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
data[dataLen] = L'\0';
}
}
}
}
if(GLOBAL_CONST_FALSE)
{
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
}
else
{
/* FIX: Specify the format disallowing a format string vulnerability */
wprintf(L"%s\n", data);
}
}
/* goodB2G1() - use badsource and goodsink by changing the second globalTrue to globalFalse */
static void goodB2G1()
{
wchar_t * data;
wchar_t dataBuffer[100] = L"";
data = dataBuffer;
if(globalTrue)
{
{
/* Read input from the console */
size_t dataLen = wcslen(data);
/* if there is room in data, read into it from the console */
if (100-dataLen > 1)
{
/* POTENTIAL FLAW: Read data from the console */
if (fgetws(data+dataLen, (int)(100-dataLen), stdin) != NULL)
{
/* The next few lines remove the carriage return from the string that is
* inserted by fgetws() */
dataLen = wcslen(data);
if (dataLen > 0 && data[dataLen-1] == L'\n')
{
data[dataLen-1] = L'\0';
}
}
else
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
data[dataLen] = L'\0';
}
}
}
}
if(globalFalse)
{
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
}
else
{
goodB2G1VaSinkG(data, data);
}
}
void CWE134_Uncontrolled_Format_String__wchar_t_console_snprintf_05_bad()
{
wchar_t * data;
wchar_t dataBuffer[100] = L"";
data = dataBuffer;
if(staticTrue)
{
{
/* Read input from the console */
size_t dataLen = wcslen(data);
/* if there is room in data, read into it from the console */
if (100-dataLen > 1)
{
/* POTENTIAL FLAW: Read data from the console */
if (fgetws(data+dataLen, (int)(100-dataLen), stdin) != NULL)
{
/* The next few lines remove the carriage return from the string that is
* inserted by fgetws() */
dataLen = wcslen(data);
if (dataLen > 0 && data[dataLen-1] == L'\n')
{
data[dataLen-1] = L'\0';
}
}
else
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
data[dataLen] = L'\0';
}
}
}
}
if(staticTrue)
{
{
wchar_t dest[100] = L"";
/* POTENTIAL FLAW: Do not specify the format allowing a possible format string vulnerability */
SNPRINTF(dest, 100-1, data);
printWLine(dest);
}
}
}
/* goodB2G2() - use badsource and goodsink by reversing the blocks in the second if */
static void goodB2G2()
{
wchar_t * data;
wchar_t dataBuffer[100] = L"";
data = dataBuffer;
if(GLOBAL_CONST_FIVE==5)
{
{
/* Read input from the console */
size_t dataLen = wcslen(data);
/* if there is room in data, read into it from the console */
if (100-dataLen > 1)
{
/* POTENTIAL FLAW: Read data from the console */
if (fgetws(data+dataLen, (int)(100-dataLen), stdin) != NULL)
{
/* The next few lines remove the carriage return from the string that is
* inserted by fgetws() */
dataLen = wcslen(data);
if (dataLen > 0 && data[dataLen-1] == L'\n')
{
data[dataLen-1] = L'\0';
}
}
else
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
data[dataLen] = L'\0';
}
}
}
}
if(GLOBAL_CONST_FIVE==5)
{
{
wchar_t dest[100] = L"";
/* FIX: Specify the format disallowing a format string vulnerability */
SNPRINTF(dest, 100-1, L"%s", data);
printWLine(dest);
}
}
}
void scorelist_load() {
int i, j;
wchar_t chunk[1024];
wchar_t delim[2] = L" ";
wchar_t *ptr;
wchar_t *token;
FILE *fp = fopen(scorelist_file, "r, ccs=UTF-8");
if (fp != NULL) {
i = 0;
while (fgetws(chunk, 1024, fp) != NULL) {
chunk[wcslen(chunk) - 1] = L'\0';
if (wcslen(chunk) > 0) {
j = 0;
token = wcstok(chunk, delim, &ptr);
while (token != NULL) {
switch (j) {
case 0:
wcsncpy(scorelist[i].name, token, 255);
break;
case 1:
scorelist[i].points = (unsigned int)wcstoul(token, NULL, 0);
break;
case 2:
scorelist[i].chars = (unsigned int)wcstoul(token, NULL, 0);
break;
case 3:
scorelist[i].seconds = (unsigned int)wcstoul(token, NULL, 0);
break;
}
token = wcstok(ptr, delim, &ptr);
j++;
}
i++;
}
}
fclose(fp);
scorelist_length = i;
}
free(ptr);
free(token);
}
/* goodB2G2() - use badsource and goodsink by reversing statements in if */
static void goodB2G2()
{
wchar_t * data;
data = (wchar_t *)malloc(100*sizeof(wchar_t));
data[0] = L'\0';
{
/* Read input from a file */
size_t dataLen = wcslen(data);
FILE * pFile;
/* if there is room in data, attempt to read the input from a file */
if (100-dataLen > 1)
{
pFile = fopen(FILENAME, "r");
if (pFile != NULL)
{
/* POTENTIAL FLAW: Read data from a file */
if (fgetws(data+dataLen, (int)(100-dataLen), pFile) == NULL)
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
data[dataLen] = L'\0';
}
fclose(pFile);
}
}
}
if(5==5)
{
{
size_t i;
/* FIX: Use a loop variable to traverse through the string pointed to by data */
for (i=0; i < wcslen(data); i++)
{
if (data[i] == SEARCH_CHAR)
{
printLine("We have a match!");
break;
}
}
free(data);
}
}
}
void bad()
{
wchar_t * data;
wchar_t dataBuffer[FILENAME_MAX] = L"";
data = dataBuffer;
if(staticReturnsTrue())
{
{
/* Read input from the console */
size_t dataLen = wcslen(data);
/* if there is room in data, read into it from the console */
if (FILENAME_MAX-dataLen > 1)
{
/* POTENTIAL FLAW: Read data from the console */
if (fgetws(data+dataLen, (int)(FILENAME_MAX-dataLen), stdin) != NULL)
{
/* The next few lines remove the carriage return from the string that is
* inserted by fgetws() */
dataLen = wcslen(data);
if (dataLen > 0 && data[dataLen-1] == L'\n')
{
data[dataLen-1] = L'\0';
}
}
else
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
data[dataLen] = L'\0';
}
}
}
}
{
FILE *pFile = NULL;
/* POTENTIAL FLAW: Possibly opening a file without validating the file name or path */
pFile = FOPEN(data, L"wb+");
if (pFile != NULL)
{
fclose(pFile);
}
}
}
