Vulnerable branch #107
Vulnerable branch #107
Conversation
![Amplify [Lab]](https://avatars.githubusercontent.com/in/347747?s=40&u=f167c38980969fad1d181fdacb66403b97c6399a&v=4){kind=avatar}
✨ Amplify has finished checking this pull requestSecurity Pipeline
Vulnerabilities Detected
Note For more details, visit Amplify Security. |
![amplify-lab[bot]](https://avatars.githubusercontent.com/in/347747?s=60&v=4){kind=small}
|
|
||
| // vuln-code-snippet start unionSqlInjectionChallenge dbSchemaChallenge | ||
| module.exports = function searchProducts() { | ||
| return (req: Request, res: Response, next: NextFunction) => { | ||
| let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? '' | ||
| criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200) | ||
| console.log(criteria) | ||
| models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge |
There was a problem hiding this comment.
Warning
Amplify has been notified that this line contains a vulnerability 🕷️.
Vulnerability: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Impact: HIGH
Guidance: ✅
Code Fix: ✅
| models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge | |
| models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE :criteria OR description LIKE :criteria) AND deletedAt IS NULL) ORDER BY name`, { replacements: { criteria: `%${criteria}%` } }) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge |
The code change fixes the SQL Injection vulnerability by using parameterized queries instead of directly concatenating user input into the SQL query string.
In the original code, the user input criteria is directly interpolated into the SQL query string using string concatenation. This allows an attacker to manipulate the criteria value and inject malicious SQL code, potentially leading to unauthorized access or data manipulation.
The code change introduces a parameterized query by using placeholders (:criteria) in the SQL query string and passing the actual value (%${criteria}%) as a parameter using the replacements option. This ensures that the user input is properly escaped and treated as data, preventing any SQL injection attacks.
By using parameterized queries, the code change ensures that the user input is properly sanitized and eliminates the risk of SQL injection vulnerabilities.
For more information on SQL injection vulnerabilities and how to prevent them, you can refer to the OWASP SQL Injection Prevention Cheat Sheet: OWASP SQL Injection Prevention Cheat Sheet
Note
Have a question or concern about this vulnerability fix? Get an answer within seconds by asking our Concierge 🤖 with @amplify-security.
i.e. @amplify-security are there known performance issues resulting from this fix?
Description
A clear and concise summary of the change and which issue (if any) it fixes. Should also include relevant motivation and context.
Resolved or fixed issue:
Affirmation