/* TEMPLATE GENERATED TESTCASE FILE
Filename: CWE191_Integer_Underflow__short_rand_predec_75a.java
Label Definition File: CWE191_Integer_Underflow.label.xml
Template File: sources-sinks-75a.tmpl.java
*/
/*
 * @description
 * CWE: 191 Integer Underflow
 * BadSource: rand Set data to result of rand()
 * GoodSource: A hardcoded non-zero, non-min, non-max, even number
 * Sinks: decrement
 *    GoodSink: Ensure there will not be an underflow before decrementing data
 *    BadSink : Decrement data, which can cause an Underflow
 * Flow Variant: 75 Data flow: data passed in a serialized object from one method to another in different source files in the same package
 *
 * */

package testcases.CWE191_Integer_Underflow.s05;

import testcasesupport.*;

import java.io.ByteArrayOutputStream;
import java.io.ObjectOutput;
import java.io.ObjectOutputStream;
import java.io.IOException;

import java.util.logging.Level;

/**
 * "a" half of flow variant 75: the source value is produced here, Java-serialized
 * into a byte array, and handed to the matching sink method in the "_75b" class.
 *
 * NOTE(review): the companion class presumably reconstructs the short with
 * ObjectInputStream (its source is not visible here). That is acceptable only
 * because the bytes never leave this process; Java-native deserialization of
 * bytes from any external party would need an ObjectInputFilter or a different
 * wire format. The deliberate CWE-191 flaw (decrementing an unbounded random
 * short) lives in the sink, not in the serialization step.
 */
public class CWE191_Integer_Underflow__short_rand_predec_75a extends AbstractTestCase
{
    /** Number of distinct values a short can take; used to draw a random short. */
    private static final int SHORT_RANGE = 1 + Short.MAX_VALUE - Short.MIN_VALUE;

    /**
     * Bad variant: random short (may be Short.MIN_VALUE) flows to the bad sink,
     * which decrements it without a range check.
     */
    public void bad() throws Throwable
    {
        short data;

        /* POTENTIAL FLAW: Use a random value */
        data = (short)(new java.security.SecureRandom().nextInt(SHORT_RANGE) + Short.MIN_VALUE);

        /* serialize data to a byte array */
        ByteArrayOutputStream byteSink = null;
        ObjectOutput objectOut = null;

        try
        {
            byteSink = new ByteArrayOutputStream();
            objectOut = new ObjectOutputStream(byteSink);
            objectOut.writeObject(data);
            byte[] payload = byteSink.toByteArray();

            new CWE191_Integer_Underflow__short_rand_predec_75b().badSink(payload);
        }
        catch (IOException exceptIO)
        {
            IO.logger.log(Level.WARNING, "IOException in serialization", exceptIO);
        }
        finally
        {
            /* clean up stream writing objects; close failures are logged, not propagated */
            try
            {
                if (objectOut != null)
                {
                    objectOut.close();
                }
            }
            catch (IOException exceptIO)
            {
                IO.logger.log(Level.WARNING, "Error closing ObjectOutputStream", exceptIO);
            }

            try
            {
                if (byteSink != null)
                {
                    byteSink.close();
                }
            }
            catch (IOException exceptIO)
            {
                IO.logger.log(Level.WARNING, "Error closing ByteArrayOutputStream", exceptIO);
            }
        }
    }

    /** Runs both good variants. */
    public void good() throws Throwable
    {
        goodG2B();
        goodB2G();
    }

    /**
     * goodG2B() - use GoodSource and BadSink.
     * A hardcoded safe value reaches the unchecked decrement, so no underflow occurs.
     */
    private void goodG2B() throws Throwable
    {
        short data;

        /* FIX: Use a hardcoded number that won't cause underflow, overflow, divide by zero, or loss-of-precision issues */
        data = 2;

        /* serialize data to a byte array */
        ByteArrayOutputStream byteSink = null;
        ObjectOutput objectOut = null;

        try
        {
            byteSink = new ByteArrayOutputStream();
            objectOut = new ObjectOutputStream(byteSink);
            objectOut.writeObject(data);
            byte[] payload = byteSink.toByteArray();

            new CWE191_Integer_Underflow__short_rand_predec_75b().goodG2BSink(payload);
        }
        catch (IOException exceptIO)
        {
            IO.logger.log(Level.WARNING, "IOException in serialization", exceptIO);
        }
        finally
        {
            /* clean up stream writing objects; close failures are logged, not propagated */
            try
            {
                if (objectOut != null)
                {
                    objectOut.close();
                }
            }
            catch (IOException exceptIO)
            {
                IO.logger.log(Level.WARNING, "Error closing ObjectOutputStream", exceptIO);
            }

            try
            {
                if (byteSink != null)
                {
                    byteSink.close();
                }
            }
            catch (IOException exceptIO)
            {
                IO.logger.log(Level.WARNING, "Error closing ByteArrayOutputStream", exceptIO);
            }
        }
    }

    /**
     * goodB2G() - use BadSource and GoodSink.
     * The random short reaches a sink that is expected to check for Short.MIN_VALUE
     * before decrementing (the check itself is in the "_75b" class).
     */
    private void goodB2G() throws Throwable
    {
        short data;

        /* POTENTIAL FLAW: Use a random value */
        data = (short)(new java.security.SecureRandom().nextInt(SHORT_RANGE) + Short.MIN_VALUE);

        /* serialize data to a byte array */
        ByteArrayOutputStream byteSink = null;
        ObjectOutput objectOut = null;

        try
        {
            byteSink = new ByteArrayOutputStream();
            objectOut = new ObjectOutputStream(byteSink);
            objectOut.writeObject(data);
            byte[] payload = byteSink.toByteArray();

            new CWE191_Integer_Underflow__short_rand_predec_75b().goodB2GSink(payload);
        }
        catch (IOException exceptIO)
        {
            IO.logger.log(Level.WARNING, "IOException in serialization", exceptIO);
        }
        finally
        {
            /* clean up stream writing objects; close failures are logged, not propagated */
            try
            {
                if (objectOut != null)
                {
                    objectOut.close();
                }
            }
            catch (IOException exceptIO)
            {
                IO.logger.log(Level.WARNING, "Error closing ObjectOutputStream", exceptIO);
            }

            try
            {
                if (byteSink != null)
                {
                    byteSink.close();
                }
            }
            catch (IOException exceptIO)
            {
                IO.logger.log(Level.WARNING, "Error closing ByteArrayOutputStream", exceptIO);
            }
        }
    }

    /* Below is the main(). It is only used when building this testcase on
     * its own for testing or for building a binary to use in testing binary
     * analysis tools. It is not used when compiling all the testcases as one
     * application, which is how source code analysis tools are tested. */
    public static void main(String[] args) throws ClassNotFoundException,
           InstantiationException, IllegalAccessException
    {
        mainFromParent(args);
    }
}