Demo branch#33
Conversation
| app.get('/login', (req, res) => { | ||
| const user = req.query.username; | ||
| const pass = req.query.password; | ||
|
|
||
| // Concatenation using a different pattern to obscure SQL injection vulnerability | ||
| const query = ['SELECT * FROM users WHERE username = "', user, '" AND password = "', pass, '"'].join(''); | ||
|
|
||
| db.get(query, (err, row) => { | ||
| if (err) { | ||
| res.status(500).send('Internal Server Error'); | ||
| } else if (row) { | ||
| res.send('Login successful!'); | ||
| } else { | ||
| res.send('Invalid credentials'); | ||
| } | ||
| }); | ||
| }); |
Check failure
Code scanning / CodeQL
Missing rate limiting
| // Slightly obfuscated SQL Injection vulnerability | ||
| app.get('/login', (req, res) => { | ||
| const user = req.query.username; | ||
| const pass = req.query.password; |
Check warning
Code scanning / CodeQL
Sensitive data read from GET request
| // Concatenation using a different pattern to obscure SQL injection vulnerability | ||
| const query = ['SELECT * FROM users WHERE username = "', user, '" AND password = "', pass, '"'].join(''); | ||
|
|
||
| db.get(query, (err, row) => { |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources
| }; | ||
|
|
||
| // Render profile with potential XSS | ||
| res.send(renderProfile(username)); |
Check failure
Code scanning / CodeQL
Reflected cross-site scripting
| const app = express(); | ||
| const db = mysql.createConnection({ | ||
| host: 'localhost', | ||
| user: 'root', |
Check failure
Code scanning / CodeQL
Hard-coded credentials
| // Vulnerable SQL Injection Endpoint | ||
| app.get('/user/:id', (req, res) => { | ||
| const userId = req.params.id; | ||
| db.query(`SELECT * FROM users WHERE id = ${userId}`, (err, result) => { |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources
| app.post('/execute', (req, res) => { | ||
| const command = req.body.command; | ||
| exec(command, (err, stdout, stderr) => { | ||
| if (err) { | ||
| res.status(500).send('Command execution failed'); | ||
| return; | ||
| } | ||
| res.send(`Command output: ${stdout}`); | ||
| }); | ||
| }); |
Check failure
Code scanning / CodeQL
Missing rate limiting
| // Vulnerable Command Injection Endpoint | ||
| app.post('/execute', (req, res) => { | ||
| const command = req.body.command; | ||
| exec(command, (err, stdout, stderr) => { |
Check failure
Code scanning / CodeQL
Uncontrolled command line
| // Vulnerable Hashing (Use of Outdated Cryptographic Practices) | ||
| app.post('/hash', (req, res) => { | ||
| const password = req.body.password; | ||
| const hash = crypto.createHash('md5').update(password).digest('hex'); |
Check failure
Code scanning / CodeQL
Use of password hash with insufficient computational effort
| app.post('/protobuf', async (req, res) => { | ||
| const root = await protobuf.load("example.proto"); | ||
| const Message = root.lookupType("examplepackage.Message"); | ||
|
|
||
| const payload = req.body; | ||
| const errMsg = Message.verify(payload); | ||
| if (errMsg) { | ||
| res.status(400).send(`Invalid message: ${errMsg}`); | ||
| return; | ||
| } | ||
|
|
||
| const message = Message.create(payload); | ||
| res.send(`Received message: ${JSON.stringify(message)}`); | ||
| }); |
Check failure
Code scanning / CodeQL
Missing rate limiting
No description provided.