From dbbab8628342dc4cd42c673b8f4d1a9a916359ac Mon Sep 17 00:00:00 2001
From: jeff-cycode <163135025+jeff-cycode@users.noreply.github.com>
Date: Mon, 18 Nov 2024 16:51:14 -0500
Subject: [PATCH 1/4] Update pom.xml
---
java-app/pom.xml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/java-app/pom.xml b/java-app/pom.xml
index d136830..be14f12 100644
--- a/java-app/pom.xml
+++ b/java-app/pom.xml
@@ -85,11 +85,11 @@
arquillian-container-impl-base
1.7.0.Alpha12
-
+
org.jboss.shrinkwrap
shrinkwrap-impl-base
@@ -207,4 +207,4 @@
-
\ No newline at end of file
+
From 066c35c52b09456b1625ff8e28a2de0072166a38 Mon Sep 17 00:00:00 2001
From: jeff-cycode <163135025+jeff-cycode@users.noreply.github.com>
Date: Mon, 18 Nov 2024 16:51:32 -0500
Subject: [PATCH 2/4] Update SecTest.py
---
SecTest.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SecTest.py b/SecTest.py
index 5aa7336..7437692 100644
--- a/SecTest.py
+++ b/SecTest.py
@@ -1 +1 @@
-password = 'fjdkf7GG@9ikDF5!nZzzz'
+password = 'fjdkf7GG@9ikDF5!nZzXz'
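Review bot: The new line still keeps a credential as a string literal in source; changing one character of the value does not remove the secret, and both the old and the new value are now in the repository history. Read it from the environment or a secret store instead — `import os` followed by `password = os.environ['SECTEST_PASSWORD']` (variable name illustrative) — and treat the committed value as exposed, i.e. rotate it wherever it is actually used. If this file exists only as a scanner test fixture, a short comment on the line saying so would spare the next reader the same question.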
From d4dec8fffb2bd5b05079c6edc0a2704c21b8eee2 Mon Sep 17 00:00:00 2001
From: jeff-cycode <163135025+jeff-cycode@users.noreply.github.com>
Date: Mon, 18 Nov 2024 16:51:55 -0500
Subject: [PATCH 3/4] Update search.ts
---
search.ts | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
diff --git a/search.ts b/search.ts
index c77ced4..a7770fb 100644
--- a/search.ts
+++ b/search.ts
@@ -72,3 +72,59 @@ module.exports = function searchProducts () {
}
}
+// vuln-code-snippet start unionSqlInjectionChallenge dbSchemaChallenge
+module.exports = function searchProducts () {
+ return (req: Request, res: Response, next: NextFunction) => {
+ let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
+ criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
+ models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
+ .then(([products]: any) => {
+ const dataString = JSON.stringify(products)
+ if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
+ let solved = true
+ UserModel.findAll().then(data => {
+ const users = utils.queryResultToJson(data)
+ if (users.data?.length) {
+ for (let i = 0; i < users.data.length; i++) {
+ solved = solved && utils.containsOrEscaped(dataString, users.data[i].email) && utils.contains(dataString, users.data[i].password)
+ if (!solved) {
+ break
+ }
+ }
+ if (solved) {
+ challengeUtils.solve(challenges.unionSqlInjectionChallenge)
+ }
+ }
+ }).catch((error: Error) => {
+ next(error)
+ })
+ }
+ if (challengeUtils.notSolved(challenges.dbSchemaChallenge)) {
+ let solved = true
+ models.sequelize.query('SELECT sql FROM sqlite_master').then(([data]: any) => {
+ const tableDefinitions = utils.queryResultToJson(data)
+ if (tableDefinitions.data?.length) {
+ for (let i = 0; i < tableDefinitions.data.length; i++) {
+ if (tableDefinitions.data[i].sql) {
+ solved = solved && utils.containsOrEscaped(dataString, tableDefinitions.data[i].sql)
+ if (!solved) {
+ break
+ }
+ }
+ }
+ if (solved) {
+ challengeUtils.solve(challenges.dbSchemaChallenge)
+ }
+ }
+ })
+ } // vuln-code-snippet hide-end
+ for (let i = 0; i < products.length; i++) {
+ products[i].name = req.__(products[i].name)
+ products[i].description = req.__(products[i].description)
+ }
+ res.json(utils.queryResultToJson(products))
+ }).catch((error: ErrorWithParent) => {
+ next(error.parent)
+ })
+ }
+}
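Review bot: The added `models.sequelize.query(...)` call interpolates `criteria`, taken from `req.query.q`, straight into the `SELECT * FROM Products ...` string, and the only control applied before that is the 200-character cap; the value should be passed as a bound parameter (`?` placeholders with `{ replacements: [...] }`, as the next patch in this series does) rather than concatenated. Separately, the `.then(([data]: any) => { ... })` chain on the `SELECT sql FROM sqlite_master` query under `dbSchemaChallenge` has no `.catch`, unlike the sibling `UserModel.findAll()` chain, so a failure there becomes an unhandled rejection instead of reaching `next(error)`. The hunk also adds a second `module.exports = function searchProducts ()` below the one named in the hunk header, so the later assignment silently replaces the earlier export and the first definition becomes dead code. Finally, `criteria` is typed `any` and `req.query.q` is not guaranteed to be a string under Express's query parser, so `criteria.substring(0, 200)` can throw on an array; guarding with `typeof req.query.q === 'string'` would remove both the `any` and the crash.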
From 42b08a389765c4448e59b623abf38fcceb1602d1 Mon Sep 17 00:00:00 2001
From: "cycode-security[bot]"
<54410473+cycode-security[bot]@users.noreply.github.com>
Date: Mon, 18 Nov 2024 21:55:16 +0000
Subject: [PATCH 4/4] [Cycode] Fix for SAST detections - Unsanitized input in
SQL query
---
search.ts | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/search.ts b/search.ts
index a7770fb..0adc381 100644
--- a/search.ts
+++ b/search.ts
@@ -77,7 +77,9 @@ module.exports = function searchProducts () {
return (req: Request, res: Response, next: NextFunction) => {
let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
- models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
+ const sqlQuery = `SELECT * FROM Products WHERE ((name LIKE ? OR description LIKE ?) AND deletedAt IS NULL) ORDER BY name`;
+ const replacements = [`%${criteria}%`, `%${criteria}%`];
+ models.sequelize.query(sqlQuery, { replacements })
.then(([products]: any) => {
const dataString = JSON.stringify(products)
if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
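Review bot: Binding the pattern through `replacements` fixes the interpolation, but `criteria` is still `any` built from `req.query.q`, which Express can deliver as an array or object; `criteria.substring(0, 200)` would then throw, and a non-string value would be coerced into the bound pattern. Narrow it first, e.g. `const q = req.query.q` and `let criteria = typeof q === 'string' && q !== 'undefined' ? q : ''`, which also lets the `any` annotation go. The bound value still carries any `%` and `_` the caller supplies, which act as `LIKE` wildcards — not an injection, but worth a one-line comment or an escape if exact matching is intended. Minor style point: the two new `const` lines end with semicolons while the surrounding file does not. The enclosing `searchProducts` body begins before this hunk and continues past it.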