Skip to content

Jefftest #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jeff-cycode wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Jefftest #5

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
dae02bd
Update SecTest.py
jeff-cycode Nov 13, 2024
30aa5dc
Update search.ts
jeff-cycode Nov 13, 2024
d3d6888
[Cycode] Fix for SAST detections - Unsanitized input in SQL query
cycode-security[bot] Nov 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion SecTest.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
password = 'fjdkf7GG@9ikDF5!nZzzz'
password = 'fjdkf7GG@9ikDF5!nZXzz'
70 changes: 70 additions & 0 deletions search.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,3 +72,73 @@ module.exports = function searchProducts () {
}
}

// vuln-code-snippet start unionSqlInjectionChallenge dbSchemaChallenge
module.exports = function searchProducts () {
return (req: Request, res: Response, next: NextFunction) => {
let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
const { Sequelize } = require('sequelize');
const sequelize = models.sequelize;
const query = `
SELECT * FROM Products
WHERE (
(name LIKE :criteria OR description LIKE :criteria)
AND deletedAt IS NULL
)
ORDER BY name
`;
const replacements = {
criteria: `%${criteria}%`,
};
sequelize.query(query, { replacements })
.then(([products]: any) => {
const dataString = JSON.stringify(products)
if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
let solved = true
UserModel.findAll().then(data => {
const users = utils.queryResultToJson(data)
if (users.data?.length) {
for (let i = 0; i < users.data.length; i++) {
solved = solved && utils.containsOrEscaped(dataString, users.data[i].email) && utils.contains(dataString, users.data[i].password)
if (!solved) {
break
}
}
if (solved) {
challengeUtils.solve(challenges.unionSqlInjectionChallenge)
}
}
}).catch((error: Error) => {
next(error)
})
}
if (challengeUtils.notSolved(challenges.dbSchemaChallenge)) {
let solved = true
models.sequelize.query('SELECT sql FROM sqlite_master').then(([data]: any) => {
const tableDefinitions = utils.queryResultToJson(data)
if (tableDefinitions.data?.length) {
for (let i = 0; i < tableDefinitions.data.length; i++) {
if (tableDefinitions.data[i].sql) {
solved = solved && utils.containsOrEscaped(dataString, tableDefinitions.data[i].sql)
if (!solved) {
break
}
}
}
if (solved) {
challengeUtils.solve(challenges.dbSchemaChallenge)
}
}
})
} // vuln-code-snippet hide-end
for (let i = 0; i < products.length; i++) {
products[i].name = req.__(products[i].name)
products[i].description = req.__(products[i].description)
}
res.json(utils.queryResultToJson(products))
}).catch((error: ErrorWithParent) => {
next(error.parent)
})
}
}