ZeroPathAI · hugbubby · Jun 27, 2024 · Jun 27, 2024 · Jun 27, 2024 · Jun 28, 2024
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
diff --git a/.github/workflows/lint-fixer.yml b/.github/workflows/lint-fixer.yml
diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -0,0 +1,32 @@
+name: Scan
+on:
+  pull_request: 
+    types: [opened, reopened]
+
+jobs:
+  Scan:
+    name: "Scan"
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login != 'zeropath-ai-dev[bot]'
+    permissions:
+      pull-requests: write
+      security-events: write
+      statuses: write
+      contents: write
+      issues: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - uses: adventure8812/test-github-actions@main
+        with:
+          zeropath-token: ${{ secrets.ZEROPATH_API_TOKEN }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          pull-url: ${{ github.event.pull_request.html_url }}
+      - name: Run the action
+        uses: guibranco/github-status-action-v2@v1.1.8
+        if: success()
+        with: 
+            authToken: ${{secrets.GITHUB_TOKEN}}
+            context: 'ZeroPath'
+            description: 'scan completed.'
+            state: 'success'
diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
diff --git a/.github/workflows/update-challenges-www.yml b/.github/workflows/update-challenges-www.yml
diff --git a/.github/workflows/update-news-www.yml b/.github/workflows/update-news-www.yml
diff --git a/.github/workflows/zap_scan.yml b/.github/workflows/zap_scan.yml
diff --git a/data/static/codefixes/dbSchemaChallenge_1.ts b/data/static/codefixes/dbSchemaChallenge_1.ts
@@ -2,7 +2,18 @@ module.exports = function searchProducts () {
   return (req: Request, res: Response, next: NextFunction) => {
     let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
-    models.sequelize.query("SELECT * FROM Products WHERE ((name LIKE '%"+criteria+"%' OR description LIKE '%"+criteria+"%') AND deletedAt IS NULL) ORDER BY name")
+    // Fix: Use parameterized query to prevent SQL injection
+    // The previous version concatenated user input directly into the SQL query,
+    // which could allow malicious users to inject arbitrary SQL commands.
+    // This new version uses a parameterized query with the :criteria placeholder,
+    // ensuring that user input is properly escaped and treated as data, not code.
+    models.sequelize.query(
+      "SELECT * FROM Products WHERE ((name LIKE :criteria OR description LIKE :criteria) AND deletedAt IS NULL) ORDER BY name",
+      {
+        replacements: { criteria: `%${criteria}%` },
+        type: models.sequelize.QueryTypes.SELECT
+      }
+    )
       .then(([products]: any) => {
         const dataString = JSON.stringify(products)
         for (let i = 0; i < products.length; i++) {
@@ -14,4 +25,4 @@ module.exports = function searchProducts () {
         next(error.parent)
       })
   }
-}
+}