AutoFix PR

src/Controllers/ImageLookup.js

@@ -3,13 +3,36 @@ const { logger } = require("../Logger");
 
 class ImageLookup {
   get(req, res) {
+	const fs = require('fs');
+	const path = require('path');
+	const logger = require('./logger');
+
+	function get(req, res) {
     /* File Traversal exploit */
     /* Can read any file in the server by passing the filename (image) in the query params */
     /* ex: http GET http://localhost:8089/api/v1/image-lookup image=="package.json" */
-    const fileContent = fs.readFileSync(req.query.image).toString();
-    logger.debug(fileContent);
-    res.send(fileContent);
-  }
-}
+
+    /* Step 1: Validate the input */
+    if (!req.query.image) {
+      return res.status(400).send('Missing image parameter');
+    }
+
+    /* Step 2: Sanitize the input */
+    /* This is a basic sanitization to prevent directory traversal attacks */
+    const sanitizedImage = path.normalize(req.query.image).replace(/^(\.\.(\/|\\|$))+/, '');
+
+    /* Step 3: Use the sanitized input to read the file */
+    const filePath = path.join(__dirname, sanitizedImage);
+    try {
+      const fileContent = fs.readFileSync(filePath).toString();
+      logger.debug(fileContent);
+      res.send(fileContent);
+    } catch (error) {
+      /* Handle the error appropriately */
+      res.status(500).send('Error reading file');
+    }
+	}
+
 
 module.exports = ImageLookup;
+

src/Controllers/Login.js

@@ -11,15 +11,20 @@ class Login {
   }
 
   encryptData(secretText) {
-    const crypto = require('crypto');
+	const crypto = require('crypto');
 
-    // Weak encryption
-    const desCipher = crypto.createCipheriv(
-      'des',
-      "This is a simple password, don't guess it"
-    );
-    return desCipher.write(secretText, 'utf8', 'hex'); // BAD: weak encryption
-  }
+	function encryptData(secretText) {
+	  // Strong encryption using AES-256-CBC
+	  const key = crypto.randomBytes(32);
+	  const iv = crypto.randomBytes(16);
+
+	  const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
+
+	  let encrypted = cipher.update(secretText, 'utf8', 'hex');
+	  encrypted += cipher.final('hex');
+
+	  return { iv: iv.toString('hex'), encryptedData: encrypted };
+	}
 
   async handleLogin(req, res, client, data) {
     const { username, password, keeponline } = data;
@@ -97,3 +102,4 @@ class Login {
 }
 
 module.exports = Login;
+

src/Controllers/Order.js

@@ -15,10 +15,17 @@ class Order {
   }
 
   decryptData(encryptedText) {
-    const desCipher = crypto.createDecipheriv('des', encryptionKey);
-    return desCipher.update(encryptedText);
-  }
-  addToOrder(req, res) {
+	const crypto = require('crypto');
+	const algorithm = 'aes-256-cbc'; // or any other secure algorithm
+	const key = crypto.scryptSync(encryptionKey, 'salt', 32);
+
+	function decryptData(encryptedText) {
+	    const decipher = crypto.createDecipheriv(algorithm, key);
+	    let decrypted = decipher.update(encryptedText, 'hex', 'utf8');
+	    decrypted += decipher.final('utf8');
+	    return decrypted;
+	}
+
     const order = req.body;
     console.log(req.body);
     if (req.session.orders) {
@@ -119,3 +126,4 @@ class Order {
 }
 
 module.exports = new Order();
+

src/views.js

@@ -9,24 +9,30 @@ module.exports = app => {
   app.get(`/login`, (req, res) => res.render('Login'));
 
   app.get(`/user-input`, (req, res) => {
+	const sanitizeHtml = require('sanitize-html');
+
+	(req, res) => {
     /*
       User input vulnerability,
       if the user passes vulnerable javascipt code, its executed in user's browser
       ex: alert('hi')
     */
     let result = '';
     try {
-      result = require('util').inspect(eval(req.query.userInput));
+      // Sanitize user input to prevent code injection
+      const sanitizedInput = sanitizeHtml(req.query.userInput);
+      result = require('util').inspect(eval(sanitizedInput));
     } catch (ex) {
       console.error(ex);
     }
     res.render('UserInput', {
-      userInput: req.query.userInput,
+      userInput: sanitizedInput, // Use sanitized input in the view
       result,
       date: new Date().toUTCString()
     });
-  });
+  }
 
   app.get(`/`, secured.get);
   app.post(`/`, secured.post);
 };
+