Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- package testcases.CWE259_Hard_Coded_Password;
- import testcasesupport.*;
- import java.util.logging.Level;
- import java.io.*;
- import java.sql.*;
- public class connection extends AbstractTestCase
- {
- /* uses badsource and badsink */
- public void bad() throws Throwable
- {
- String data;
- if (true)
- {
- data = "7e5tc4s3";
- }
- else
- {
- data = null;
- }
- Connection connection = null;
- PreparedStatement preparedStatement = null;
- ResultSet resultSet = null;
- if (data != null)
- {
- try
- {
- connection = DriverManager.getConnection("data-url", "root", data);
- preparedStatement = connection.prepareStatement("select * from test_table");
- resultSet = preparedStatement.executeQuery();
- }
- catch (SQLException exceptSql)
- {
- IO.logger.log(Level.WARNING, "Error with database connection", exceptSql);
- }
- finally
- {
- try
- {
- if (resultSet != null)
- {
- resultSet.close();
- }
- }
- catch (SQLException exceptSql)
- {
- IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql);
- }
- try
- {
- if (preparedStatement != null)
- {
- preparedStatement.close();
- }
- }
- catch (SQLException exceptSql)
- {
- IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql);
- }
- try
- {
- if (connection != null)
- {
- connection.close();
- }
- }
- catch (SQLException exceptSql)
- {
- IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
- }
- }
- }
- }
- public static void main(String[] args) throws ClassNotFoundException,
- InstantiationException, IllegalAccessException
- {
- mainFromParent(args);
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement