/* TEMPLATE GENERATED TESTCASE FILE Filename: CWE191_Integer_Underflow__short_min_predec_21.java Label Definition File: CWE191_Integer_Underflow.label.xml Template File: sources-sinks-21.tmpl.java */ /* * @description * CWE: 191 Integer Underflow * BadSource: min Set data to the max value for short * GoodSource: A hardcoded non-zero, non-min, non-max, even number * Sinks: decrement * GoodSink: Ensure there will not be an underflow before decrementing data * BadSink : Decrement data, which can cause an Underflow * Flow Variant: 21 Control flow: Flow controlled by value of a private variable. All functions contained in one file. * * */ package testcases.CWE191_Integer_Underflow.s05; import testcasesupport.*; public class CWE191_Integer_Underflow__short_min_predec_21 extends AbstractTestCase { /* The variable below is used to drive control flow in the sink function */ private boolean badPrivate = false; public void bad() throws Throwable { short data; /* POTENTIAL FLAW: Use the maximum size of the data type */ data = Short.MIN_VALUE; badPrivate = true; badSink(data ); } private void badSink(short data ) throws Throwable { if (badPrivate) { /* POTENTIAL FLAW: if data == Short.MIN_VALUE, this will overflow */ short result = (short)(--data); IO.writeLine("result: " + result); } } /* The variables below are used to drive control flow in the sink functions. */ private boolean goodB2G1Private = false; private boolean goodB2G2Private = false; private boolean goodG2BPrivate = false; public void good() throws Throwable { goodB2G1(); goodB2G2(); goodG2B(); } /* goodB2G1() - use BadSource and GoodSink by setting the variable to false instead of true */ private void goodB2G1() throws Throwable { short data; /* POTENTIAL FLAW: Use the maximum size of the data type */ data = Short.MIN_VALUE; goodB2G1Private = false; goodB2G1Sink(data ); } private void goodB2G1Sink(short data ) throws Throwable { if (goodB2G1Private) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ IO.writeLine("Benign, fixed string"); } else { /* FIX: Add a check to prevent an underflow from occurring */ if (data > Short.MIN_VALUE) { short result = (short)(--data); IO.writeLine("result: " + result); } else { IO.writeLine("data value is too small to decrement."); } } } /* goodB2G2() - use BadSource and GoodSink by reversing the blocks in the if in the sink function */ private void goodB2G2() throws Throwable { short data; /* POTENTIAL FLAW: Use the maximum size of the data type */ data = Short.MIN_VALUE; goodB2G2Private = true; goodB2G2Sink(data ); } private void goodB2G2Sink(short data ) throws Throwable { if (goodB2G2Private) { /* FIX: Add a check to prevent an underflow from occurring */ if (data > Short.MIN_VALUE) { short result = (short)(--data); IO.writeLine("result: " + result); } else { IO.writeLine("data value is too small to decrement."); } } } /* goodG2B() - use GoodSource and BadSink */ private void goodG2B() throws Throwable { short data; /* FIX: Use a hardcoded number that won't cause underflow, overflow, divide by zero, or loss-of-precision issues */ data = 2; goodG2BPrivate = true; goodG2BSink(data ); } private void goodG2BSink(short data ) throws Throwable { if (goodG2BPrivate) { /* POTENTIAL FLAW: if data == Short.MIN_VALUE, this will overflow */ short result = (short)(--data); IO.writeLine("result: " + result); } } /* Below is the main(). It is only used when building this testcase on * its own for testing or for building a binary to use in testing binary * analysis tools. It is not used when compiling all the testcases as one * application, which is how source code analysis tools are tested. */ public static void main(String[] args) throws ClassNotFoundException, InstantiationException, IllegalAccessException { mainFromParent(args); } }