From cc4cccc0612f69487e8fe762babfe8527c11cd7e Mon Sep 17 00:00:00 2001 From: jeff-cycode <163135025+jeff-cycode@users.noreply.github.com> Date: Fri, 15 Nov 2024 16:26:04 -0500 Subject: [PATCH 1/3] Update SecTest.py --- SecTest.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SecTest.py b/SecTest.py index 5aa7336..60c639b 100644 --- a/SecTest.py +++ b/SecTest.py @@ -1 +1 @@ -password = 'fjdkf7GG@9ikDF5!nZzzz' +password = 'fjdkf7GG@9ikDF5!nZXzz' From 8bb75db7bb5b4104c9bc1f2a7e572ea5caf92fea Mon Sep 17 00:00:00 2001 From: jeff-cycode <163135025+jeff-cycode@users.noreply.github.com> Date: Fri, 15 Nov 2024 16:26:28 -0500 Subject: [PATCH 2/3] Update search.ts --- search.ts | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/search.ts b/search.ts index c77ced4..fbc4389 100644 --- a/search.ts +++ b/search.ts @@ -72,3 +72,60 @@ module.exports = function searchProducts () { } } +// vuln-code-snippet start unionSqlInjectionChallenge dbSchemaChallenge +module.exports = function searchProducts () { + return (req: Request, res: Response, next: NextFunction) => { + let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? '' + criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200) + models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge + .then(([products]: any) => { + const dataString = JSON.stringify(products) + if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start + let solved = true + UserModel.findAll().then(data => { + const users = utils.queryResultToJson(data) + if (users.data?.length) { + for (let i = 0; i < users.data.length; i++) { + solved = solved && utils.containsOrEscaped(dataString, users.data[i].email) && utils.contains(dataString, users.data[i].password) + if (!solved) { + break + } + } + if (solved) { + challengeUtils.solve(challenges.unionSqlInjectionChallenge) + } + } + }).catch((error: Error) => { + next(error) + }) + } + if (challengeUtils.notSolved(challenges.dbSchemaChallenge)) { + let solved = true + models.sequelize.query('SELECT sql FROM sqlite_master').then(([data]: any) => { + const tableDefinitions = utils.queryResultToJson(data) + if (tableDefinitions.data?.length) { + for (let i = 0; i < tableDefinitions.data.length; i++) { + if (tableDefinitions.data[i].sql) { + solved = solved && utils.containsOrEscaped(dataString, tableDefinitions.data[i].sql) + if (!solved) { + break + } + } + } + if (solved) { + challengeUtils.solve(challenges.dbSchemaChallenge) + } + } + }) + } // vuln-code-snippet hide-end + for (let i = 0; i < products.length; i++) { + products[i].name = req.__(products[i].name) + products[i].description = req.__(products[i].description) + } + res.json(utils.queryResultToJson(products)) + }).catch((error: ErrorWithParent) => { + next(error.parent) + }) + } +} + From 3c5926a181cda4ad51696fa3a450f101d1bb66b1 Mon Sep 17 00:00:00 2001 From: jeff-cycode <163135025+jeff-cycode@users.noreply.github.com> Date: Tue, 3 Dec 2024 15:34:47 -0500 Subject: [PATCH 3/3] Update SecTest.py --- SecTest.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SecTest.py b/SecTest.py index 60c639b..c36bed6 100644 --- a/SecTest.py +++ b/SecTest.py @@ -1 +1 @@ -password = 'fjdkf7GG@9ikDF5!nZXzz' +password = 'fjdkf7GG@9ikDF5!nZXBz'