Example 3: Different source and sink files
The following example shows a source that is in a different file from the sink.
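TestCase_IOT_XFile_Part1.java:

    import java.io.FileInputStream;
    import java.io.FileNotFoundException;
    import java.io.IOException;

    public class TestCase_IOT_XFile_Part1 {
        public static void main(String[] args) {
            try {
                TestCase_IOT_XFile_Part1 testCase =
                    new TestCase_IOT_XFile_Part1();
                TestCase_IOT_XFile_Part2 testCase2 =
                    new TestCase_IOT_XFile_Part2();
                // Data returned by the source in this file is passed
                // straight to the sink in TestCase_IOT_XFile_Part2.
                testCase2.writeToVulnerableSink(
                    testCase.getVulnerableSource(args[0]));
            } catch (Exception e) {
                // Deliberately empty in this test case.
            }
        }

        // Source: returns up to 100 bytes of file content, unvalidated.
        public String getVulnerableSource(String file)
                throws IOException, FileNotFoundException {
            FileInputStream fis = new FileInputStream(file);
            byte[] buf = new byte[100];
            fis.read(buf);
            String ret = new String(buf);
            fis.close();
            return ret;
        }
    }
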
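TestCase_IOT_XFile_Part2.java:

    import java.io.FileNotFoundException;
    import java.io.FileOutputStream;
    import java.io.PrintWriter;

    public class TestCase_IOT_XFile_Part2 {
        // Sink: the unvalidated string is used both as the file name
        // and as the content written to that file.
        public void writeToVulnerableSink(String str)
                throws FileNotFoundException {
            FileOutputStream fos = new FileOutputStream(str);
            PrintWriter writer = new PrintWriter(fos);
            writer.write(str);
            // Close the writer so the buffered data is flushed.
            writer.close();
        }
    }
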
Tracing the data from TestCase_IOT_XFile_Part1.java to TestCase_IOT_XFile_Part2.java allows the data flow to be followed through the entire program. The stack trace appears:
This example shows the data flowing from TestCase_IOT_XFile_Part1 to TestCase_IOT_XFile_Part2 through the main method.
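
For comparison, a hardened counterpart of the sink in TestCase_IOT_XFile_Part2, which validates the string before it is used as a file name. This is an added example, not part of the original page; the class name SafeSink_Part2, the method name writeToValidatedSink and the output directory are assumptions.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

// Added example: hypothetical hardened version of the Part2 sink.
public class SafeSink_Part2 {
    // Assumed output directory; files may only be written directly under it.
    private static final Path BASE_DIR =
        Paths.get("output").toAbsolutePath().normalize();

    public void writeToValidatedSink(String str) throws IOException {
        // The source fills a fixed 100-byte buffer, so the string can carry
        // NUL padding or line breaks; keep only the text before the first one.
        String name = str.split("[\\x00\\r\\n]", 2)[0].trim();
        // Allow-list: a short, plain file name with no separators or leading dot.
        if (!name.matches("[A-Za-z0-9._-]{1,64}") || name.startsWith(".")) {
            throw new IOException("rejected file name from untrusted source");
        }
        // Defense in depth: the resolved path must stay inside BASE_DIR.
        Path target = BASE_DIR.resolve(name).normalize();
        if (!target.startsWith(BASE_DIR)) {
            throw new IOException("path escapes " + BASE_DIR);
        }
        Files.createDirectories(BASE_DIR);
        // try-with-resources flushes and closes the writer.
        try (PrintWriter writer = new PrintWriter(
                Files.newBufferedWriter(target, StandardCharsets.UTF_8))) {
            writer.write(name);
        }
    }

    public static void main(String[] args) throws IOException {
        SafeSink_Part2 sink = new SafeSink_Part2();
        // Constructed inputs: a padded plain name, then a traversal attempt.
        sink.writeToValidatedSink("report.txt\0\0");
        try {
            sink.writeToValidatedSink("../../etc/passwd");
        } catch (IOException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```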