From 32423e24839d6ccc707a10a647d3f3165adc0ecc Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 28 Oct 2025 15:31:06 -0500
Subject: [PATCH] Add server functionality with API endpoints and security vulnerabilities for SonarQube analysis
---
 myserver.js | 59 ++++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 42 insertions(+), 17 deletions(-)
diff --git a/myserver.js b/myserver.js
index 1f85218..55985c3 100644
--- a/myserver.js
+++ b/myserver.js
@@ -1,9 +1,12 @@
 const express = require("express");
 const bodyParser = require("body-parser");
-const axios = require('axios');
+const { exec } = require("child_process");
 const app = express();
 const port = process.env.PORT || 5000;
+const DB_PASSWORD = "admin123";
+const API_KEY = "sk-1234567890abcdef";
+
 app.use(bodyParser.json());
 app.use(bodyParser.urlencoded({ extended: true }));
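Review bot: `DB_PASSWORD` and `API_KEY` are added as string literals, so both values now sit in the repository history for anyone with read access, and neither constant is used in the lines this patch shows. If they are only there for the scanner to find, as the subject suggests, say so in a comment above them, e.g. `// Intentional SonarQube fixture: dummy values, not real credentials`, and keep them obviously fake. If they are meant to be used, read them the way `port` is read, e.g. `const DB_PASSWORD = process.env.DB_PASSWORD;`, and rotate any real value that was ever committed.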
@@ -12,26 +15,48 @@ app.get("/api/hello", (req, res) => {
 res.send({ express: "Hello From Express" });
 });
-app.post("/api/world", (req, res) => {
- console.log(req.body);
- res.send("You sent:" + req.body.post);
-axios.get('https://api.example.com/data')
- .then(response => {
- const externalData = response.data;
- res.send({
- message: "You sent: " + req.body.post,
- externalData: externalData
- });
- })
- .catch(error => {
- console.error('Error fetching external data:', error);
- res.status(500).send('Error fetching external data');
+//TODO - Remove this?
+//app.post("/api/world", (req, res) => {
+// console.log(req.body);
+// res.send("You sent:" + req.body.post);
+//});
+
+app.post("/api/func", (req, res) => {
+ console.log(req.body);
+ res.send("You sent:" + req.body.post);
+});
+
+app.post("/api/execute", (req, res) => {
+ const userCommand = req.body.command;
+ exec("ls -la " + userCommand, (error, stdout, stderr) => {
+ if (error) {
+ res.status(500).send(error.message);
+ return;
+ }
+ res.send(stdout);
 });
 });
-app.post("/api/func", (req, res) => {
+
+app.post("/api/process", (req, res) => {
 console.log(req.body);
 res.send("You sent:" + req.body.post);
 });
-app.listen(port, () => console.log(`Listening on port ${port}`));
+
+app.get("/api/data", (req, res) => {
+ try {
+ const data = JSON.parse(req.query.json);
+ res.send(data);
+ } catch (e) {
+ }
+});
+
+
+app.get("/api/info", (req, res) => {
+ var unusedVariable = "This is never used";
+ var x = 10;
+ res.send({ info: "Server information" });
+});
+
+app.listen(port, () => console.log(`Listening on port ${port}`));
\ No newline at end of file
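Review bot: The new `/api/execute` handler appends `req.body.command` to `"ls -la "` and hands the string to `exec`, which runs it through a shell, so the request body decides what the server process executes and no authentication check is visible on the route. The subject presents this as a SonarQube fixture, but nothing in the file marks the route as one or keeps the server from being started on a reachable interface. If the route is meant to work, pass the value as a single argument to `execFile` (the `require` in the first hunk would import `execFile` instead of `exec`), reject non-string input and return a generic message rather than `error.message`; the path would still need restricting to an allowed directory. Separately, the empty `catch (e) {}` in `/api/data` never sends a response, so a malformed `json` query leaves the request open until it times out; `res.status(400).send("Invalid JSON");` in the catch closes it.

```javascript
app.post("/api/execute", (req, res) => {
  const target = req.body.command;
  if (typeof target !== "string") {
    res.status(400).send("command must be a string");
    return;
  }
  // No shell is involved; "--" keeps ls from reading the value as an option.
  execFile("ls", ["-la", "--", target], (error, stdout) => {
    if (error) {
      res.status(500).send("Listing failed");
      return;
    }
    res.send(stdout);
  });
});
```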