diff --git a/.github/workflows/amplify.yml b/.github/workflows/amplify.yml
index bda41a84702..952526bf8c6 100644
--- a/.github/workflows/amplify.yml
+++ b/.github/workflows/amplify.yml
@@ -1,10 +1,12 @@
 # .github/workflows/amplify.yml
-name: Amplify Security
+name: Amplify Security # do not modify this line
 on:
-  pull_request: {}
-  workflow_dispatch: {}
+  pull_request: {} # run for all PRs
+  workflow_dispatch: {} # allow manual runs through GitHub UI
   push:
-    branches: ["master", "main"]
+    branches: ["master", "main"] # add additional iteration or release branch patterns here
+permissions:
+  contents: read # declare default permissions for GITHUB_TOKEN
 jobs:
   amplify-security-scan:
     runs-on: ubuntu-latest
@@ -18,6 +20,7 @@ jobs:
           SEMGREP_RULES: >-
             p/security-audit
             p/secrets
+      # do not modify this step
       - uses: actions/upload-artifact@v3
         with:
           name: amplify-scan
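Review bot: The added `# do not modify this step` comment gives no reason, and it sits on a step that references `actions/upload-artifact@v3` by a mutable tag. A blanket "do not modify" discourages the one change a maintainer should make here, which is pinning the action to a full commit SHA, e.g. `- uses: actions/upload-artifact@<full-commit-sha> # v3`. If the scan integration only depends on the artifact name, the comment could say that instead, for example `# the artifact name below is read by the Amplify integration; keep it unchanged`; that dependency is inferred, not shown in the hunk. The step continues past the end of the hunk.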
diff --git a/frontend/src/index.html b/frontend/src/index.html
index 3e1e5166c45..9921f17fcdd 100644
--- a/frontend/src/index.html
+++ b/frontend/src/index.html
@@ -28,6 +28,7 @@
   </script>
 </head>
 <body class="mat-app-background bluegrey-lightgreen-theme">
+  test
   <app-root></app-root>
 </body>
 </html>
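Review bot: The added line `  test` directly under `<body>` is bare text that will render at the top of every page, ahead of `<app-root>`. It looks like a leftover from trying out the scan workflow rather than an intended change, so the line should be dropped before merge.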
diff --git a/routes/search.ts b/routes/search.ts
index f831e4b3828..9e777130269 100644
--- a/routes/search.ts
+++ b/routes/search.ts
@@ -1,15 +1,72 @@
-/*
  * Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.
  * SPDX-License-Identifier: MIT
  */
+import models = require('../models/index')
 import { Request, Response, NextFunction } from 'express'
+import { UserModel } from '../models/user'
+
+import * as utils from '../lib/utils'
+const challengeUtils = require('../lib/challengeUtils')
+const challenges = require('../data/datacache').challenges
+
+class ErrorWithParent extends Error {
+  parent: Error | undefined
+}
 
 // vuln-code-snippet start unionSqlInjectionChallenge dbSchemaChallenge
 module.exports = function searchProducts() {
   return (req: Request, res: Response, next: NextFunction) => {
     let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
-    console.log(criteria)
+    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
+      .then(([products]: any) => {
+        const dataString = JSON.stringify(products)
+        if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
+          let solved = true
+          UserModel.findAll().then(data => {
+            const users = utils.queryResultToJson(data)
+            if (users.data?.length) {
+              for (let i = 0; i < users.data.length; i++) {
+                solved = solved && utils.containsOrEscaped(dataString, users.data[i].email) && utils.contains(dataString, users.data[i].password)
+                if (!solved) {
+                  break
+                }
+              }
+              if (solved) {
+                challengeUtils.solve(challenges.unionSqlInjectionChallenge)
+              }
+            }
+          }).catch((error: Error) => {
+            next(error)
+          })
+        }
+        if (challengeUtils.notSolved(challenges.dbSchemaChallenge)) {
+          let solved = true
+          models.sequelize.query('SELECT sql FROM sqlite_master').then(([data]: any) => {
+            const tableDefinitions = utils.queryResultToJson(data)
+            if (tableDefinitions.data?.length) {
+              for (let i = 0; i < tableDefinitions.data.length; i++) {
+                if (tableDefinitions.data[i].sql) {
+                  solved = solved && utils.containsOrEscaped(dataString, tableDefinitions.data[i].sql)
+                  if (!solved) {
+                    break
+                  }
+                }
+              }
+              if (solved) {
+                challengeUtils.solve(challenges.dbSchemaChallenge)
+              }
+            }
+          })
+        } // vuln-code-snippet hide-end
+        for (let i = 0; i < products.length; i++) {
+          products[i].name = req.__(products[i].name)
+          products[i].description = req.__(products[i].description)
+        }
+        res.json(utils.queryResultToJson(products))
+      }).catch((error: ErrorWithParent) => {
+        next(error.parent)
+      })
   }
 }
 // vuln-code-snippet end unionSqlInjectionChallenge dbSchemaChallenge
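Review bot: The first removed line is the `/*` that opens the licence header, while the ` * Copyright` and ` */` lines stay as context, so as shown the new file starts inside an unopened comment and should fail to parse; restore the `/*`. On the `vuln-line`, `criteria` is interpolated straight into the SQL text; the `vuln-code-snippet` markers suggest this is the deliberate training flaw, but the 200-character cap above it limits length only, and outside the challenge the query would use `:q` placeholders with `{ replacements: { q: '%' + criteria + '%' } }`. The `sqlite_master` chain has no rejection handler, unlike the `UserModel.findAll()` chain, so a failure there is an unhandled rejection; add `.catch((error: Error) => { next(error) })`. The outer handler passes `error.parent`, which is undefined for any non-database error thrown inside the `.then` and makes `next()` continue as if nothing failed; `next(error.parent ?? error)` keeps the error.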