2 changes: 1 addition & 1 deletion SecTest.py
@@ -1 +1 @@
password = 'fjdkf7GG@9ikDF5!nZzzz'
password = 'fjdkf7GG@9ikDF5!nZXzz'
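Review bot: the added line only changes one character of the hardcoded value (`nZzzz` becomes `nZXzz`), so the credential is still committed in SecTest.py, the previous value stays recoverable from the repository history, and both Cycode secret findings below remain open. Treat both values as exposed: rotate the credential, load it at runtime (environment variable or a secrets manager) and delete the literal from the source instead of editing it in place. If SecTest.py is deliberately a scanner test fixture, say so in the PR and use the `#cycode_secret_ignore_here` tag the bot offers so the finding is closed with a recorded reason rather than left unresolved.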

Cycode: Secret of type: 'Generic Password' was found.
Severity: Medium
Confidence Score: 99%

Description

A generic secret or password is an authentication token used to access a computer or application and is assigned to a password variable.

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_secret_ignore_here Applies to this request only

⚠️ When commenting on GitHub, you may need to refresh the page to see the latest updates.

Cycode: Secret of type: 'Generic Password' was found.
Severity: Medium
Confidence Score: 99%
SHA: a203e13f81

Description

A generic secret or password is an authentication token used to access a computer or application and is assigned to a password variable.

Company Remediation Guideline

Please see http://www.espn.com for more info

Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_secret_false_positive <reason> Applies to this secret value for all repos in your organization
#cycode_secret_revoked Applies to this secret value for all repos in your organization
#cycode_secret_ignore_everywhere <reason> Applies to this secret value for all repos in your organization
#cycode_secret_ignore_here <reason> Applies to this request only

⚠️ When commenting on GitHub, you may need to refresh the page to see the latest updates.

57 changes: 57 additions & 0 deletions search.ts
@@ -72,3 +72,60 @@ module.exports = function searchProducts () {
}
}

// vuln-code-snippet start unionSqlInjectionChallenge dbSchemaChallenge
module.exports = function searchProducts () {
return (req: Request, res: Response, next: NextFunction) => {
let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge

Cycode: SAST violation: 'Unsanitized input in SQL query'.

Severity: Critical

Description

Using unsanitized data, such as user input or request data, or externally influenced data passed to a function, in SQL query exposes your application to SQL injection attacks. This vulnerability arises when externally controlled data is directly included in SQL statements without proper sanitation, allowing attackers to manipulate queries and access or modify data.

Cycode Remediation Guideline

✅ Do


  • Do validate all query inputs to ensure they meet expected patterns or values before using them in a query.
var rawId = req.params.userId
// Anchor the pattern: an unanchored /[0-9]+/ would accept "1 OR 1=1"
if (!/^[0-9]+$/.test(rawId)) {
  // input is unexpected; don't make the query
}
  • Do use prepared (or parameterized) statements for querying databases to safely include external input.
var { Sequelize } = require("sequelize");
var sqlite = new Sequelize("sqlite::memory:");
// The user-supplied value travels as a bound replacement, never as SQL text;
// `type` belongs inside the options object alongside `replacements`.
sqlite.query(
  "SELECT * FROM users WHERE ID = ?",
  { replacements: [req.params.userId], type: Sequelize.QueryTypes.SELECT }
)

❌ Don't


  • Do not use raw SQL queries that concatenate unsanitized input directly.
var sqlite = new Sequelize("sqlite::memory:");
sqlite.query("SELECT * FROM users WHERE ID = " + req.params.userId); // unsafe

📋 References


Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_ai_remediation Request remediation guidance using Cycode AI
#cycode_sast_ignore_here Ignore this violation — applies to this violation only

⚠️ When commenting on GitHub, you may need to refresh the page to see the latest updates.

Cycode: SAST violation: 'Unsanitized input in SQL query'.

Severity: Critical

Description

Using unsanitized data, such as user input or request data, or externally influenced data passed to a function, in SQL query exposes your application to SQL injection attacks. This vulnerability arises when externally controlled data is directly included in SQL statements without proper sanitation, allowing attackers to manipulate queries and access or modify data.

Company Remediation Guideline

Please see http://www.espn.com for more information on how we would prefer you to mitigate this violation.

🎥 Learning materials (by Secure Code Warrior)


Tell us how you wish to proceed using one of the following commands:

Tag Short Description
#cycode_sast_false_positive <reason> Mark as false positive — applies to this violation only
#cycode_ai_remediation Request remediation guidance using Cycode AI
#cycode_sast_ignore_here <reason> Ignore this violation — applies to this violation only

⚠️ When commenting on GitHub, you may need to refresh the page to see the latest updates.

.then(([products]: any) => {
const dataString = JSON.stringify(products)
if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
let solved = true
UserModel.findAll().then(data => {
const users = utils.queryResultToJson(data)
if (users.data?.length) {
for (let i = 0; i < users.data.length; i++) {
solved = solved && utils.containsOrEscaped(dataString, users.data[i].email) && utils.contains(dataString, users.data[i].password)
if (!solved) {
break
}
}
if (solved) {
challengeUtils.solve(challenges.unionSqlInjectionChallenge)
}
}
}).catch((error: Error) => {
next(error)
})
}
if (challengeUtils.notSolved(challenges.dbSchemaChallenge)) {
let solved = true
models.sequelize.query('SELECT sql FROM sqlite_master').then(([data]: any) => {
const tableDefinitions = utils.queryResultToJson(data)
if (tableDefinitions.data?.length) {
for (let i = 0; i < tableDefinitions.data.length; i++) {
if (tableDefinitions.data[i].sql) {
solved = solved && utils.containsOrEscaped(dataString, tableDefinitions.data[i].sql)
if (!solved) {
break
}
}
}
if (solved) {
challengeUtils.solve(challenges.dbSchemaChallenge)
}
}
})
} // vuln-code-snippet hide-end
for (let i = 0; i < products.length; i++) {
products[i].name = req.__(products[i].name)
products[i].description = req.__(products[i].description)
}
res.json(utils.queryResultToJson(products))
}).catch((error: ErrorWithParent) => {
next(error.parent)
})
}
}
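Review bot: the `models.sequelize.query(...)` line splices `criteria` from `req.query.q` directly into the SQL text, so the two guards in front of it (the `'undefined'` check and the 200-character truncation) bound the length of the input, not its content; a value such as `')) UNION SELECT ... --` closes the quoted LIKE pattern and both parentheses and appends an arbitrary SELECT, which is what the unionSqlInjectionChallenge / dbSchemaChallenge markers on that line say it is meant to allow. Given the `vuln-code-snippet` markers this is intentionally vulnerable training code and the Cycode SAST finding is expected; if that is not the intent, pass the pattern as a bound value (`name LIKE ?` with `{ replacements: [...] }`) and escape `%` and `_` in the user input. Two smaller points independent of the challenge: `req.query.q` can arrive as an array or object from Express's query parser, and `criteria.length` / `criteria.substring` then misbehave or throw while the `any` annotation hides it; and the `dbSchemaChallenge` branch's `models.sequelize.query('SELECT sql FROM sqlite_master').then(...)` has no `.catch`, unlike the `UserModel.findAll()` branch above it, so a rejection there goes unhandled.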
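The Cycode remediation text above describes parameterised queries in the abstract. The following is an added TypeScript example, not the project's code and not Cycode's, that puts the string-built query from the search.ts hunk next to a parameterised equivalent. Nothing connects to a database: the functions only build the SQL text and the bound values, which is enough to show why one form is injectable and the other is not. The names buildVulnerableQuery, buildSafeQuery, escapeLike, containsUnion and PAYLOAD, and the payload string itself, are assumptions of this example.

```typescript
// Added example, not the project's or Cycode's code. Function and constant names
// are hypothetical. No database is touched; only SQL text and bound values are built.

const MAX_CRITERIA = 200 // the hunk truncates at 200 chars; that bounds length, not content

// Mirrors the hunk's construction: attacker-controlled text is spliced into the SQL.
function buildVulnerableQuery(rawQ: string | undefined): string {
  let criteria = rawQ === 'undefined' ? '' : rawQ ?? ''
  criteria = criteria.length <= MAX_CRITERIA ? criteria : criteria.substring(0, MAX_CRITERIA)
  return `SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`
}

// Escape LIKE metacharacters so a search for "100%" matches the literal text, not a wildcard.
function escapeLike(value: string): string {
  return value.replace(/[\\%_]/g, (c) => '\\' + c)
}

// Parameterised form: the SQL text is the same for every input; the pattern is a
// bound value, the `{ replacements: [...] }` shape that Sequelize's query() accepts.
function buildSafeQuery(rawQ: string | undefined): { sql: string; replacements: string[] } {
  let criteria = rawQ === 'undefined' ? '' : rawQ ?? ''
  criteria = criteria.substring(0, MAX_CRITERIA)
  const pattern = `%${escapeLike(criteria)}%`
  return {
    sql: "SELECT * FROM Products WHERE ((name LIKE ? ESCAPE '\\' OR description LIKE ? ESCAPE '\\') AND deletedAt IS NULL) ORDER BY name",
    replacements: [pattern, pattern],
  }
}

// Demonstration-only check: a product search statement should never contain a UNION.
function containsUnion(sql: string): boolean {
  return /\bUNION\b/i.test(sql)
}

// Constructed payload (assumption of this example). It closes the quoted LIKE pattern,
// closes both parentheses, appends a UNION and comments out the trailing ORDER BY.
// A real UNION must match the column count of Products, which this toy does not check.
const PAYLOAD = "')) UNION SELECT name FROM sqlite_master--"

console.log('vulnerable:', buildVulnerableQuery(PAYLOAD))
console.log('parameterised:', buildSafeQuery(PAYLOAD))
```

Run it with ts-node or tsx: the first line printed is a syntactically valid UNION query, the second is an unchanged SELECT plus a two-element replacements array whose values the driver binds as data.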