Skip to content

Jr train 1 #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jeff-cycode wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Jr train 1 #8

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
cb18129
Update SecTest.py
jeff-cycode Nov 14, 2024
08844a7
Update search.ts
jeff-cycode Nov 14, 2024
27d3f65
[Cycode] Fix for SAST detections - Unsanitized input in SQL query
cycode-security[bot] Nov 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion SecTest.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
password = 'fjdkf7GG@9ikDF5!nZzzz'
password = 'fjdkf7GG@9ikDF5!nZzXz'
Comment thread
cycode-security[bot] marked this conversation as resolved.
57 changes: 57 additions & 0 deletions search.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,3 +72,60 @@ module.exports = function searchProducts () {
}
}

// vuln-code-snippet start unionSqlInjectionChallenge dbSchemaChallenge
module.exports = function searchProducts () {
return (req: Request, res: Response, next: NextFunction) => {
let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
Comment thread
cycode-security[bot] marked this conversation as resolved.
Outdated
.then(([products]: any) => {
const dataString = JSON.stringify(products)
if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
let solved = true
UserModel.findAll().then(data => {
const users = utils.queryResultToJson(data)
if (users.data?.length) {
for (let i = 0; i < users.data.length; i++) {
solved = solved && utils.containsOrEscaped(dataString, users.data[i].email) && utils.contains(dataString, users.data[i].password)
if (!solved) {
break
}
}
if (solved) {
challengeUtils.solve(challenges.unionSqlInjectionChallenge)
}
}
}).catch((error: Error) => {
next(error)
})
}
if (challengeUtils.notSolved(challenges.dbSchemaChallenge)) {
let solved = true
models.sequelize.query('SELECT sql FROM sqlite_master').then(([data]: any) => {
const tableDefinitions = utils.queryResultToJson(data)
if (tableDefinitions.data?.length) {
for (let i = 0; i < tableDefinitions.data.length; i++) {
if (tableDefinitions.data[i].sql) {
solved = solved && utils.containsOrEscaped(dataString, tableDefinitions.data[i].sql)
if (!solved) {
break
}
}
}
if (solved) {
challengeUtils.solve(challenges.dbSchemaChallenge)
}
}
})
} // vuln-code-snippet hide-end
for (let i = 0; i < products.length; i++) {
products[i].name = req.__(products[i].name)
products[i].description = req.__(products[i].description)
}
res.json(utils.queryResultToJson(products))
}).catch((error: ErrorWithParent) => {
next(error.parent)
})
}
}