Skip to content

Demo branch#33

Open
shwetarkadam wants to merge 5 commits into
mainfrom
demo-branch
Open

Demo branch#33
shwetarkadam wants to merge 5 commits into
mainfrom
demo-branch

Conversation

@shwetarkadam

Copy link
Copy Markdown
Contributor

No description provided.

Comment on lines +23 to +39
app.get('/login', (req, res) => {
const user = req.query.username;
const pass = req.query.password;

// Concatenation using a different pattern to obscure SQL injection vulnerability
const query = ['SELECT * FROM users WHERE username = "', user, '" AND password = "', pass, '"'].join('');

db.get(query, (err, row) => {
if (err) {
res.status(500).send('Internal Server Error');
} else if (row) {
res.send('Login successful!');
} else {
res.send('Invalid credentials');
}
});
});

Check failure

Code scanning / CodeQL

Missing rate limiting

This route handler performs [a database access](1), but is not rate-limited.
// Slightly obfuscated SQL Injection vulnerability
app.get('/login', (req, res) => {
const user = req.query.username;
const pass = req.query.password;

Check warning

Code scanning / CodeQL

Sensitive data read from GET request

[Route handler](1) for GET requests uses query parameter as sensitive data.
// Concatenation using a different pattern to obscure SQL injection vulnerability
const query = ['SELECT * FROM users WHERE username = "', user, '" AND password = "', pass, '"'].join('');

db.get(query, (err, row) => {

Check failure

Code scanning / CodeQL

Database query built from user-controlled sources

This query string depends on a [user-provided value](1). This query string depends on a [user-provided value](2).
};

// Render profile with potential XSS
res.send(renderProfile(username));

Check failure

Code scanning / CodeQL

Reflected cross-site scripting

Cross-site scripting vulnerability due to a [user-provided value](1).
Comment thread vulnerable.js
const app = express();
const db = mysql.createConnection({
host: 'localhost',
user: 'root',

Check failure

Code scanning / CodeQL

Hard-coded credentials

The hard-coded value "root" is used as [user name](1).
Comment thread vulnerable.js
// Vulnerable SQL Injection Endpoint
app.get('/user/:id', (req, res) => {
const userId = req.params.id;
db.query(`SELECT * FROM users WHERE id = ${userId}`, (err, result) => {

Check failure

Code scanning / CodeQL

Database query built from user-controlled sources

This query string depends on a [user-provided value](1).
Comment thread vulnerable.js
Comment on lines +27 to +36
app.post('/execute', (req, res) => {
const command = req.body.command;
exec(command, (err, stdout, stderr) => {
if (err) {
res.status(500).send('Command execution failed');
return;
}
res.send(`Command output: ${stdout}`);
});
});

Check failure

Code scanning / CodeQL

Missing rate limiting

This route handler performs [a system command](1), but is not rate-limited.
Comment thread vulnerable.js
// Vulnerable Command Injection Endpoint
app.post('/execute', (req, res) => {
const command = req.body.command;
exec(command, (err, stdout, stderr) => {

Check failure

Code scanning / CodeQL

Uncontrolled command line

This command line depends on a [user-provided value](1).
Comment thread vulnerable.js
// Vulnerable Hashing (Use of Outdated Cryptographic Practices)
app.post('/hash', (req, res) => {
const password = req.body.password;
const hash = crypto.createHash('md5').update(password).digest('hex');

Check failure

Code scanning / CodeQL

Use of password hash with insufficient computational effort

Password from [an access to password](1) is hashed insecurely. Password from [an access to password](2) is hashed insecurely.
Comment thread vulnerable.js
Comment on lines +46 to +59
app.post('/protobuf', async (req, res) => {
const root = await protobuf.load("example.proto");
const Message = root.lookupType("examplepackage.Message");

const payload = req.body;
const errMsg = Message.verify(payload);
if (errMsg) {
res.status(400).send(`Invalid message: ${errMsg}`);
return;
}

const message = Message.create(payload);
res.send(`Received message: ${JSON.stringify(message)}`);
});

Check failure

Code scanning / CodeQL

Missing rate limiting

This route handler performs [authorization](1), but is not rate-limited.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants