Skip to content

Intentional vulnerable#32

Open
shwetarkadam wants to merge 4 commits into
mainfrom
intentional-vulnerable
Open

Intentional vulnerable#32
shwetarkadam wants to merge 4 commits into
mainfrom
intentional-vulnerable

Conversation

@shwetarkadam

Copy link
Copy Markdown
Contributor

No description provided.

Comment on lines +23 to +39
app.get('/login', (req, res) => {
const user = req.query.username;
const pass = req.query.password;

// Concatenation using a different pattern to obscure SQL injection vulnerability
const query = ['SELECT * FROM users WHERE username = "', user, '" AND password = "', pass, '"'].join('');

db.get(query, (err, row) => {
if (err) {
res.status(500).send('Internal Server Error');
} else if (row) {
res.send('Login successful!');
} else {
res.send('Invalid credentials');
}
});
});

Check failure

Code scanning / CodeQL

Missing rate limiting

This route handler performs [a database access](1), but is not rate-limited.
// Slightly obfuscated SQL Injection vulnerability
app.get('/login', (req, res) => {
const user = req.query.username;
const pass = req.query.password;

Check warning

Code scanning / CodeQL

Sensitive data read from GET request

[Route handler](1) for GET requests uses query parameter as sensitive data.
// Concatenation using a different pattern to obscure SQL injection vulnerability
const query = ['SELECT * FROM users WHERE username = "', user, '" AND password = "', pass, '"'].join('');

db.get(query, (err, row) => {

Check failure

Code scanning / CodeQL

Database query built from user-controlled sources

This query string depends on a [user-provided value](1). This query string depends on a [user-provided value](2).
};

// Render profile with potential XSS
res.send(renderProfile(username));

Check failure

Code scanning / CodeQL

Reflected cross-site scripting

Cross-site scripting vulnerability due to a [user-provided value](1).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants