benjholla/ExpandedDataFlowLaunder.java

## ExpandedDataFlowLaunder.java
import java.math.BigInteger;

public class ExpandedDataFlowLaunder {

	public static void main(String args[]) {
		String sensitive = toHex("SECRET_DATA");
		leak(launder(sensitive));
	}

	// a method that should never get sensitive data...
	private static void leak(String data) {
		System.out.println(toASCII(data));
	}

	// converts an ASCII string to hex
	private static String toHex(String arg) {
		return String.format("%040x", new BigInteger(arg.getBytes())).toUpperCase();
	}

	// converts hex string to ASCII
	private static String toASCII(String hexString) {
		StringBuilder result = new StringBuilder();
		for (int i = 0; i < hexString.length(); i += 2) {
			String str = hexString.substring(i, i + 2);
			result.append((char) Integer.parseInt(str, 16));
		}
		return result.toString();
	}

	// launders an uppercase hex string through implicit data flow
	private static String launder(String input) {
		StringBuilder output = new StringBuilder();
		for (char c : input.toCharArray())
			switch (c) {
			case '0':
				output.append('0');
				break;
			case '1':
				output.append('1');
				break;
			case '2':
				output.append('2');
				break;
			case '3':
				output.append('3');
				break;
			case '4':
				output.append('4');
				break;
			case '5':
				output.append('5');
				break;
			case '6':
				output.append('6');
				break;
			case '7':
				output.append('7');
				break;
			case '8':
				output.append('8');
				break;
			case '9':
				output.append('9');
				break;
			case 'A':
				output.append('A');
				break;
			case 'B':
				output.append('B');
				break;
			case 'C':
				output.append('C');
				break;
			case 'D':
				output.append('D');
				break;
			case 'E':
				output.append('E');
				break;
			case 'F':
				output.append('F');
				break;
			}
		return output.toString();
	}
}
	import java.math.BigInteger;

	public class ExpandedDataFlowLaunder {

	public static void main(String args[]) {
	String sensitive = toHex("SECRET_DATA");
	leak(launder(sensitive));
	}

	// a method that should never get sensitive data...
	private static void leak(String data) {
	System.out.println(toASCII(data));
	}

	// converts an ASCII string to hex
	private static String toHex(String arg) {
	return String.format("%040x", new BigInteger(arg.getBytes())).toUpperCase();
	}

	// converts hex string to ASCII
	private static String toASCII(String hexString) {
	StringBuilder result = new StringBuilder();
	for (int i = 0; i < hexString.length(); i += 2) {
	String str = hexString.substring(i, i + 2);
	result.append((char) Integer.parseInt(str, 16));
	}
	return result.toString();
	}

	// launders an uppercase hex string through implicit data flow
	private static String launder(String input) {
	StringBuilder output = new StringBuilder();
	for (char c : input.toCharArray())
	switch (c) {
	case '0':
	output.append('0');
	break;
	case '1':
	output.append('1');
	break;
	case '2':
	output.append('2');
	break;
	case '3':
	output.append('3');
	break;
	case '4':
	output.append('4');
	break;
	case '5':
	output.append('5');
	break;
	case '6':
	output.append('6');
	break;
	case '7':
	output.append('7');
	break;
	case '8':
	output.append('8');
	break;
	case '9':
	output.append('9');
	break;
	case 'A':
	output.append('A');
	break;
	case 'B':
	output.append('B');
	break;
	case 'C':
	output.append('C');
	break;
	case 'D':
	output.append('D');
	break;
	case 'E':
	output.append('E');
	break;
	case 'F':
	output.append('F');
	break;
	}
	return output.toString();
	}
	}