From f3248e70d60dc1eab4c98ba3e63a688a199d681a Mon Sep 17 00:00:00 2001
From: Michael Fox <mfox@amplify.security>
Date: Wed, 28 Jun 2023 19:15:59 -0500
Subject: [PATCH 01/22] Added search query + introduced vulnerability

---
 routes/search.ts | 60 +++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 59 insertions(+), 1 deletion(-)

diff --git a/routes/search.ts b/routes/search.ts
index f831e4b3828..9306771b68c 100644
--- a/routes/search.ts
+++ b/routes/search.ts
@@ -2,14 +2,72 @@
  * Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.
  * SPDX-License-Identifier: MIT
  */
+import models = require('../models/index')
 import { Request, Response, NextFunction } from 'express'
+import { UserModel } from '../models/user'
+
+import * as utils from '../lib/utils'
+const challengeUtils = require('../lib/challengeUtils')
+const challenges = require('../data/datacache').challenges
+
+class ErrorWithParent extends Error {
+  parent: Error | undefined
+}
 
 // vuln-code-snippet start unionSqlInjectionChallenge dbSchemaChallenge
 module.exports = function searchProducts() {
   return (req: Request, res: Response, next: NextFunction) => {
     let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
-    console.log(criteria)
+    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
+      .then(([products]: any) => {
+        const dataString = JSON.stringify(products)
+        if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
+          let solved = true
+          UserModel.findAll().then(data => {
+            const users = utils.queryResultToJson(data)
+            if (users.data?.length) {
+              for (let i = 0; i < users.data.length; i++) {
+                solved = solved && utils.containsOrEscaped(dataString, users.data[i].email) && utils.contains(dataString, users.data[i].password)
+                if (!solved) {
+                  break
+                }
+              }
+              if (solved) {
+                challengeUtils.solve(challenges.unionSqlInjectionChallenge)
+              }
+            }
+          }).catch((error: Error) => {
+            next(error)
+          })
+        }
+        if (challengeUtils.notSolved(challenges.dbSchemaChallenge)) {
+          let solved = true
+          models.sequelize.query('SELECT sql FROM sqlite_master').then(([data]: any) => {
+            const tableDefinitions = utils.queryResultToJson(data)
+            if (tableDefinitions.data?.length) {
+              for (let i = 0; i < tableDefinitions.data.length; i++) {
+                if (tableDefinitions.data[i].sql) {
+                  solved = solved && utils.containsOrEscaped(dataString, tableDefinitions.data[i].sql)
+                  if (!solved) {
+                    break
+                  }
+                }
+              }
+              if (solved) {
+                challengeUtils.solve(challenges.dbSchemaChallenge)
+              }
+            }
+          })
+        } // vuln-code-snippet hide-end
+        for (let i = 0; i < products.length; i++) {
+          products[i].name = req.__(products[i].name)
+          products[i].description = req.__(products[i].description)
+        }
+        res.json(utils.queryResultToJson(products))
+      }).catch((error: ErrorWithParent) => {
+        next(error.parent)
+      })
   }
 }
 // vuln-code-snippet end unionSqlInjectionChallenge dbSchemaChallenge
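Review bot: `next(error.parent)` in the final catch forwards `undefined` whenever the rejection is not a Sequelize error carrying a `parent`, and Express treats `next(undefined)` as "fall through to the next handler", so such failures are silently dropped; `next(error.parent ?? error)` keeps the original error. The `models.sequelize.query('SELECT sql FROM sqlite_master')` chain in the dbSchemaChallenge branch has no `.catch`, unlike the `UserModel.findAll()` chain above it, so a rejection there becomes an unhandled promise rejection. `criteria` is typed `any` and under Express' query parser `req.query.q` may be an array or object rather than a string, in which case `criteria.substring` is not a function; a `typeof criteria === 'string'` guard before the truncation would make it safe. The template-literal query on the `vuln-code-snippet vuln-line` line is the interpolation sink this commit deliberately introduces, and the identical code returns in the reverts at patches 03, 05, 07, 09, 11 and 13, where the same three points apply.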

From b0ada84a4cbdb0e003ca9dfe223452f502908cbd Mon Sep 17 00:00:00 2001
From: "amplify-local[bot]"
 <132378550+amplify-local[bot]@users.noreply.github.com>
Date: Tue, 2 Jan 2024 23:10:53 +0000
Subject: [PATCH 02/22] Amplify Security - Code fix for CWE-89 accepted

---
 routes/search.ts | 74 +-----------------------------------------------
 1 file changed, 1 insertion(+), 73 deletions(-)

diff --git a/routes/search.ts b/routes/search.ts
index 9306771b68c..7f12e422e7a 100644
--- a/routes/search.ts
+++ b/routes/search.ts
@@ -1,73 +1 @@
-/*
- * Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.
- * SPDX-License-Identifier: MIT
- */
-import models = require('../models/index')
-import { Request, Response, NextFunction } from 'express'
-import { UserModel } from '../models/user'
-
-import * as utils from '../lib/utils'
-const challengeUtils = require('../lib/challengeUtils')
-const challenges = require('../data/datacache').challenges
-
-class ErrorWithParent extends Error {
-  parent: Error | undefined
-}
-
-// vuln-code-snippet start unionSqlInjectionChallenge dbSchemaChallenge
-module.exports = function searchProducts() {
-  return (req: Request, res: Response, next: NextFunction) => {
-    let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
-    criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
-    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
-      .then(([products]: any) => {
-        const dataString = JSON.stringify(products)
-        if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
-          let solved = true
-          UserModel.findAll().then(data => {
-            const users = utils.queryResultToJson(data)
-            if (users.data?.length) {
-              for (let i = 0; i < users.data.length; i++) {
-                solved = solved && utils.containsOrEscaped(dataString, users.data[i].email) && utils.contains(dataString, users.data[i].password)
-                if (!solved) {
-                  break
-                }
-              }
-              if (solved) {
-                challengeUtils.solve(challenges.unionSqlInjectionChallenge)
-              }
-            }
-          }).catch((error: Error) => {
-            next(error)
-          })
-        }
-        if (challengeUtils.notSolved(challenges.dbSchemaChallenge)) {
-          let solved = true
-          models.sequelize.query('SELECT sql FROM sqlite_master').then(([data]: any) => {
-            const tableDefinitions = utils.queryResultToJson(data)
-            if (tableDefinitions.data?.length) {
-              for (let i = 0; i < tableDefinitions.data.length; i++) {
-                if (tableDefinitions.data[i].sql) {
-                  solved = solved && utils.containsOrEscaped(dataString, tableDefinitions.data[i].sql)
-                  if (!solved) {
-                    break
-                  }
-                }
-              }
-              if (solved) {
-                challengeUtils.solve(challenges.dbSchemaChallenge)
-              }
-            }
-          })
-        } // vuln-code-snippet hide-end
-        for (let i = 0; i < products.length; i++) {
-          products[i].name = req.__(products[i].name)
-          products[i].description = req.__(products[i].description)
-        }
-        res.json(utils.queryResultToJson(products))
-      }).catch((error: ErrorWithParent) => {
-        next(error.parent)
-      })
-  }
-}
-// vuln-code-snippet end unionSqlInjectionChallenge dbSchemaChallenge
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
\ No newline at end of file

From 4a425aa61fbe0cdca389ac6fec927a2e1d450973 Mon Sep 17 00:00:00 2001
From: Michael Fox <mfox@amplify.security>
Date: Tue, 2 Jan 2024 17:15:39 -0600
Subject: [PATCH 03/22] Revert "Amplify Security - Code fix for CWE-89
 accepted"

This reverts commit b0ada84a4cbdb0e003ca9dfe223452f502908cbd.
---
 routes/search.ts | 74 +++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 73 insertions(+), 1 deletion(-)

diff --git a/routes/search.ts b/routes/search.ts
index 7f12e422e7a..9306771b68c 100644
--- a/routes/search.ts
+++ b/routes/search.ts
@@ -1 +1,73 @@
-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
\ No newline at end of file
+/*
+ * Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.
+ * SPDX-License-Identifier: MIT
+ */
+import models = require('../models/index')
+import { Request, Response, NextFunction } from 'express'
+import { UserModel } from '../models/user'
+
+import * as utils from '../lib/utils'
+const challengeUtils = require('../lib/challengeUtils')
+const challenges = require('../data/datacache').challenges
+
+class ErrorWithParent extends Error {
+  parent: Error | undefined
+}
+
+// vuln-code-snippet start unionSqlInjectionChallenge dbSchemaChallenge
+module.exports = function searchProducts() {
+  return (req: Request, res: Response, next: NextFunction) => {
+    let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
+    criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
+    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
+      .then(([products]: any) => {
+        const dataString = JSON.stringify(products)
+        if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
+          let solved = true
+          UserModel.findAll().then(data => {
+            const users = utils.queryResultToJson(data)
+            if (users.data?.length) {
+              for (let i = 0; i < users.data.length; i++) {
+                solved = solved && utils.containsOrEscaped(dataString, users.data[i].email) && utils.contains(dataString, users.data[i].password)
+                if (!solved) {
+                  break
+                }
+              }
+              if (solved) {
+                challengeUtils.solve(challenges.unionSqlInjectionChallenge)
+              }
+            }
+          }).catch((error: Error) => {
+            next(error)
+          })
+        }
+        if (challengeUtils.notSolved(challenges.dbSchemaChallenge)) {
+          let solved = true
+          models.sequelize.query('SELECT sql FROM sqlite_master').then(([data]: any) => {
+            const tableDefinitions = utils.queryResultToJson(data)
+            if (tableDefinitions.data?.length) {
+              for (let i = 0; i < tableDefinitions.data.length; i++) {
+                if (tableDefinitions.data[i].sql) {
+                  solved = solved && utils.containsOrEscaped(dataString, tableDefinitions.data[i].sql)
+                  if (!solved) {
+                    break
+                  }
+                }
+              }
+              if (solved) {
+                challengeUtils.solve(challenges.dbSchemaChallenge)
+              }
+            }
+          })
+        } // vuln-code-snippet hide-end
+        for (let i = 0; i < products.length; i++) {
+          products[i].name = req.__(products[i].name)
+          products[i].description = req.__(products[i].description)
+        }
+        res.json(utils.queryResultToJson(products))
+      }).catch((error: ErrorWithParent) => {
+        next(error.parent)
+      })
+  }
+}
+// vuln-code-snippet end unionSqlInjectionChallenge dbSchemaChallenge

From 1d3a90a6b7f903ecb413bdbff8b470609ade16ae Mon Sep 17 00:00:00 2001
From: "amplify-local[bot]"
 <132378550+amplify-local[bot]@users.noreply.github.com>
Date: Wed, 3 Jan 2024 17:48:28 +0000
Subject: [PATCH 04/22] Amplify Security - Code fix for CWE-89 accepted

---
 routes/search.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/routes/search.ts b/routes/search.ts
index 9306771b68c..cf3d568f55d 100644
--- a/routes/search.ts
+++ b/routes/search.ts
@@ -19,8 +19,8 @@ module.exports = function searchProducts() {
   return (req: Request, res: Response, next: NextFunction) => {
     let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
-    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
-      .then(([products]: any) => {
+    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE :criteria OR description LIKE :criteria) AND deletedAt IS NULL) ORDER BY name`, { replacements: { criteria: `%${criteria}%` }, type: models.sequelize.QueryTypes.SELECT }) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
+      .then((products: any) => {
         const dataString = JSON.stringify(products)
         if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
           let solved = true
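Review bot: The `%${criteria}%` replacement binds the value safely but still passes the user's own `%` and `_` characters through as LIKE wildcards, so the shape of the pattern remains request-controlled; escaping those two characters (and the escape character itself) before wrapping, together with an `ESCAPE` clause in the query, pins the match to a literal substring. The `// vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge` marker is kept on a line that is now parameterised, so the challenge annotation presumably points at code that no longer exhibits what the challenge expects — confirm against the challenge tooling. The identical hunk recurs in patches 06, 08 and 12, and the positional-replacement variant in patch 10 has the same wildcard point. The enclosing handler continues outside the hunk.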

From f827337ddc0926d382041a2b18be429cd9e2c87b Mon Sep 17 00:00:00 2001
From: Michael Fox <mfox@amplify.security>
Date: Wed, 3 Jan 2024 12:05:23 -0600
Subject: [PATCH 05/22] Revert "Amplify Security - Code fix for CWE-89
 accepted"

This reverts commit 1d3a90a6b7f903ecb413bdbff8b470609ade16ae.
---
 routes/search.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/routes/search.ts b/routes/search.ts
index cf3d568f55d..9306771b68c 100644
--- a/routes/search.ts
+++ b/routes/search.ts
@@ -19,8 +19,8 @@ module.exports = function searchProducts() {
   return (req: Request, res: Response, next: NextFunction) => {
     let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
-    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE :criteria OR description LIKE :criteria) AND deletedAt IS NULL) ORDER BY name`, { replacements: { criteria: `%${criteria}%` }, type: models.sequelize.QueryTypes.SELECT }) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
-      .then((products: any) => {
+    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
+      .then(([products]: any) => {
         const dataString = JSON.stringify(products)
         if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
           let solved = true

From 6a6776654db7e08260e118400356cd7fa88d9206 Mon Sep 17 00:00:00 2001
From: "amplify-local[bot]"
 <132378550+amplify-local[bot]@users.noreply.github.com>
Date: Wed, 3 Jan 2024 18:13:03 +0000
Subject: [PATCH 06/22] Amplify Security - Code fix for CWE-89 accepted

---
 routes/search.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/routes/search.ts b/routes/search.ts
index 9306771b68c..cf3d568f55d 100644
--- a/routes/search.ts
+++ b/routes/search.ts
@@ -19,8 +19,8 @@ module.exports = function searchProducts() {
   return (req: Request, res: Response, next: NextFunction) => {
     let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
-    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
-      .then(([products]: any) => {
+    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE :criteria OR description LIKE :criteria) AND deletedAt IS NULL) ORDER BY name`, { replacements: { criteria: `%${criteria}%` }, type: models.sequelize.QueryTypes.SELECT }) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
+      .then((products: any) => {
         const dataString = JSON.stringify(products)
         if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
           let solved = true

From c4576246e29c15f5097d946cd077106fe7a6f174 Mon Sep 17 00:00:00 2001
From: Michael Fox <mfox@amplify.security>
Date: Wed, 3 Jan 2024 12:15:33 -0600
Subject: [PATCH 07/22] Revert "Amplify Security - Code fix for CWE-89
 accepted"

This reverts commit 6a6776654db7e08260e118400356cd7fa88d9206.
---
 routes/search.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/routes/search.ts b/routes/search.ts
index cf3d568f55d..9306771b68c 100644
--- a/routes/search.ts
+++ b/routes/search.ts
@@ -19,8 +19,8 @@ module.exports = function searchProducts() {
   return (req: Request, res: Response, next: NextFunction) => {
     let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
-    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE :criteria OR description LIKE :criteria) AND deletedAt IS NULL) ORDER BY name`, { replacements: { criteria: `%${criteria}%` }, type: models.sequelize.QueryTypes.SELECT }) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
-      .then((products: any) => {
+    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
+      .then(([products]: any) => {
         const dataString = JSON.stringify(products)
         if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
           let solved = true

From 6f8b7a8db6e0cc32c04a2b57b40c8bb45e0a1dc1 Mon Sep 17 00:00:00 2001
From: "amplify-local[bot]"
 <132378550+amplify-local[bot]@users.noreply.github.com>
Date: Wed, 3 Jan 2024 18:24:12 +0000
Subject: [PATCH 08/22] Amplify Security - Code fix for CWE-89 accepted

---
 routes/search.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/routes/search.ts b/routes/search.ts
index 9306771b68c..cf3d568f55d 100644
--- a/routes/search.ts
+++ b/routes/search.ts
@@ -19,8 +19,8 @@ module.exports = function searchProducts() {
   return (req: Request, res: Response, next: NextFunction) => {
     let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
-    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
-      .then(([products]: any) => {
+    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE :criteria OR description LIKE :criteria) AND deletedAt IS NULL) ORDER BY name`, { replacements: { criteria: `%${criteria}%` }, type: models.sequelize.QueryTypes.SELECT }) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
+      .then((products: any) => {
         const dataString = JSON.stringify(products)
         if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
           let solved = true

From 85f1b5170a30b35f57301f55ef05268538a367d8 Mon Sep 17 00:00:00 2001
From: Michael Fox <mfox@amplify.security>
Date: Wed, 3 Jan 2024 12:25:11 -0600
Subject: [PATCH 09/22] Revert "Amplify Security - Code fix for CWE-89
 accepted"

This reverts commit 6f8b7a8db6e0cc32c04a2b57b40c8bb45e0a1dc1.
---
 routes/search.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/routes/search.ts b/routes/search.ts
index cf3d568f55d..9306771b68c 100644
--- a/routes/search.ts
+++ b/routes/search.ts
@@ -19,8 +19,8 @@ module.exports = function searchProducts() {
   return (req: Request, res: Response, next: NextFunction) => {
     let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
-    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE :criteria OR description LIKE :criteria) AND deletedAt IS NULL) ORDER BY name`, { replacements: { criteria: `%${criteria}%` }, type: models.sequelize.QueryTypes.SELECT }) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
-      .then((products: any) => {
+    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
+      .then(([products]: any) => {
         const dataString = JSON.stringify(products)
         if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
           let solved = true

From f05622b933cb730a06f21a0a0a9f0866e530c1a3 Mon Sep 17 00:00:00 2001
From: "amplify-local[bot]"
 <132378550+amplify-local[bot]@users.noreply.github.com>
Date: Mon, 15 Jan 2024 20:16:34 +0000
Subject: [PATCH 10/22] Amplify Security - Code fix for CWE-89 accepted

---
 routes/search.ts | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/routes/search.ts b/routes/search.ts
index 9306771b68c..687bcb6a2c2 100644
--- a/routes/search.ts
+++ b/routes/search.ts
@@ -19,8 +19,12 @@ module.exports = function searchProducts() {
   return (req: Request, res: Response, next: NextFunction) => {
     let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
-    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
-      .then(([products]: any) => {
+
+    models.sequelize.query('SELECT * FROM Products WHERE ((name LIKE ? OR description LIKE ?) AND deletedAt IS NULL) ORDER BY name', {
+      replacements: [`%${criteria}%`, `%${criteria}%`],
+      type: models.sequelize.QueryTypes.SELECT
+    }) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
+      .then((products: any) => {
         const dataString = JSON.stringify(products)
         if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
           let solved = true
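Review bot: The positional `replacements` array repeats `%${criteria}%` twice for the two `?` placeholders, which must be kept in step by hand if either LIKE clause changes; the named form used elsewhere in this series, `replacements: { criteria: `%${criteria}%` }` with `:criteria` in both clauses, removes the duplication. The blank line inserted before the query call is also the only one inside this handler and reads as leftover spacing. The enclosing handler continues outside the hunk.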

From 7fd60f2f37acef252f9f8308184257217bfd496e Mon Sep 17 00:00:00 2001
From: Michael Fox <mfox@amplify.security>
Date: Mon, 15 Jan 2024 16:15:23 -0600
Subject: [PATCH 11/22] Revert "Amplify Security - Code fix for CWE-89
 accepted"

This reverts commit f05622b933cb730a06f21a0a0a9f0866e530c1a3.
---
 routes/search.ts | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/routes/search.ts b/routes/search.ts
index 687bcb6a2c2..9306771b68c 100644
--- a/routes/search.ts
+++ b/routes/search.ts
@@ -19,12 +19,8 @@ module.exports = function searchProducts() {
   return (req: Request, res: Response, next: NextFunction) => {
     let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
-
-    models.sequelize.query('SELECT * FROM Products WHERE ((name LIKE ? OR description LIKE ?) AND deletedAt IS NULL) ORDER BY name', {
-      replacements: [`%${criteria}%`, `%${criteria}%`],
-      type: models.sequelize.QueryTypes.SELECT
-    }) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
-      .then((products: any) => {
+    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
+      .then(([products]: any) => {
         const dataString = JSON.stringify(products)
         if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
           let solved = true

From 772251a0bc5d9d8022f324b5bdb9c9ff20c50a08 Mon Sep 17 00:00:00 2001
From: "amplify-local[bot]"
 <132378550+amplify-local[bot]@users.noreply.github.com>
Date: Thu, 14 Mar 2024 15:54:21 +0000
Subject: [PATCH 12/22] Amplify Security - Code fix for CWE-89 accepted

---
 routes/search.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/routes/search.ts b/routes/search.ts
index 9306771b68c..cf3d568f55d 100644
--- a/routes/search.ts
+++ b/routes/search.ts
@@ -19,8 +19,8 @@ module.exports = function searchProducts() {
   return (req: Request, res: Response, next: NextFunction) => {
     let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
-    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
-      .then(([products]: any) => {
+    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE :criteria OR description LIKE :criteria) AND deletedAt IS NULL) ORDER BY name`, { replacements: { criteria: `%${criteria}%` }, type: models.sequelize.QueryTypes.SELECT }) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
+      .then((products: any) => {
         const dataString = JSON.stringify(products)
         if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
           let solved = true

From 8d5643d5ad973581b367b1dcd8eb9623224b7c33 Mon Sep 17 00:00:00 2001
From: Michael Fox <mfox@amplify.security>
Date: Thu, 14 Mar 2024 18:21:31 -0500
Subject: [PATCH 13/22] Revert "Amplify Security - Code fix for CWE-89
 accepted"

This reverts commit 772251a0bc5d9d8022f324b5bdb9c9ff20c50a08.
---
 routes/search.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/routes/search.ts b/routes/search.ts
index cf3d568f55d..9306771b68c 100644
--- a/routes/search.ts
+++ b/routes/search.ts
@@ -19,8 +19,8 @@ module.exports = function searchProducts() {
   return (req: Request, res: Response, next: NextFunction) => {
     let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
-    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE :criteria OR description LIKE :criteria) AND deletedAt IS NULL) ORDER BY name`, { replacements: { criteria: `%${criteria}%` }, type: models.sequelize.QueryTypes.SELECT }) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
-      .then((products: any) => {
+    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
+      .then(([products]: any) => {
         const dataString = JSON.stringify(products)
         if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
           let solved = true

From a814a3f9d4673d44ebae33983eec3e656b65d210 Mon Sep 17 00:00:00 2001
From: Michael Fox <mfox@amplify.security>
Date: Thu, 28 Mar 2024 12:19:44 -0500
Subject: [PATCH 14/22] Ignored CWE-89 vuln

---
 routes/search.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/routes/search.ts b/routes/search.ts
index 9306771b68c..cbdc39c6f3a 100644
--- a/routes/search.ts
+++ b/routes/search.ts
@@ -19,7 +19,7 @@ module.exports = function searchProducts() {
   return (req: Request, res: Response, next: NextFunction) => {
     let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
-    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
+    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // @amplify-ignore
       .then(([products]: any) => {
         const dataString = JSON.stringify(products)
         if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
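Review bot: The new comment replaces the `vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge` marker instead of sitting beside it, while the paired `hide-start` marker is still present in the hunk's context, so the snippet tooling presumably loses the line it is meant to tag — confirm against that tooling. The `@amplify-ignore` tag also carries no justification; an ignore on a query that interpolates request input should record why it is acceptable, e.g. `// @amplify-ignore -- intentional training vulnerability (unionSqlInjectionChallenge)`, if the tag syntax tolerates trailing text. Patches 15 and 17 remove the ignore without restoring the marker, and patch 16 re-adds it, so the same note applies to those three hunks.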

From 253044a2f034605978930887bcf85729451346ec Mon Sep 17 00:00:00 2001
From: Michael Fox <mfox@amplify.security>
Date: Thu, 28 Mar 2024 13:04:29 -0500
Subject: [PATCH 15/22] Removed CWE-89 ignore comment

---
 routes/search.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/routes/search.ts b/routes/search.ts
index cbdc39c6f3a..ded568c390e 100644
--- a/routes/search.ts
+++ b/routes/search.ts
@@ -19,7 +19,7 @@ module.exports = function searchProducts() {
   return (req: Request, res: Response, next: NextFunction) => {
     let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
-    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // @amplify-ignore
+    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`)
       .then(([products]: any) => {
         const dataString = JSON.stringify(products)
         if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start

From 9037f1a3fa46d1da9d424a2eade5d4c57b47bfc9 Mon Sep 17 00:00:00 2001
From: Michael Fox <mfox@amplify.security>
Date: Tue, 2 Apr 2024 13:54:41 -0500
Subject: [PATCH 16/22] Ignored SQL injection

---
 routes/search.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/routes/search.ts b/routes/search.ts
index ded568c390e..cbdc39c6f3a 100644
--- a/routes/search.ts
+++ b/routes/search.ts
@@ -19,7 +19,7 @@ module.exports = function searchProducts() {
   return (req: Request, res: Response, next: NextFunction) => {
     let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
-    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`)
+    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // @amplify-ignore
       .then(([products]: any) => {
         const dataString = JSON.stringify(products)
         if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start

From 218b1846b769869e19aa8340df5eaf3817ba6a1f Mon Sep 17 00:00:00 2001
From: Michael Fox <mfox@amplify.security>
Date: Tue, 2 Apr 2024 13:57:28 -0500
Subject: [PATCH 17/22] Removed ignore on vulnerable SQL injection

---
 routes/search.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/routes/search.ts b/routes/search.ts
index cbdc39c6f3a..ded568c390e 100644
--- a/routes/search.ts
+++ b/routes/search.ts
@@ -19,7 +19,7 @@ module.exports = function searchProducts() {
   return (req: Request, res: Response, next: NextFunction) => {
     let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
-    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // @amplify-ignore
+    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`)
       .then(([products]: any) => {
         const dataString = JSON.stringify(products)
         if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
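Review bot: Removing the `@amplify-ignore` restores the scanner finding but changes nothing about the query itself: `criteria` still lands inside the `LIKE '%...%'` patterns through template interpolation, and the 200-character truncation above bounds only the length of the input, not its content. If the intent is to keep the line as the challenge target (as the `vuln-code-snippet` markers suggest), a one-line comment stating that would avoid the ignore/un-ignore churn seen across PATCH 16, 17, 21 and 22; if the intent is remediation, pass `'%' + criteria + '%'` through the `replacements` option of `models.sequelize.query` with `?` placeholders in place of the interpolated values. PATCH 22 ("removing vuln ignore") repeats this exact change. The handler body continues outside the hunk.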

From b47abed9c39fd873c5604e7d50d189e514496831 Mon Sep 17 00:00:00 2001
From: Michael Fox <mfox@amplify.security>
Date: Thu, 25 Apr 2024 10:44:23 -0500
Subject: [PATCH 18/22] Updated Gruntfile.js

---
 Gruntfile.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Gruntfile.js b/Gruntfile.js
index a6b6bcac0ce..1005f5e5167 100644
--- a/Gruntfile.js
+++ b/Gruntfile.js
@@ -84,3 +84,5 @@ module.exports = function (grunt) {
   grunt.loadNpmTasks('grunt-contrib-compress')
   grunt.registerTask('package', ['replace_json:manifest', 'compress:pckg', 'checksum'])
 }
+
+// Gruntfile.js

From f1b856f62cae3e2f26990eb745044e9b9580ba6b Mon Sep 17 00:00:00 2001
From: Michael Fox <mfox@amplify.security>
Date: Thu, 9 May 2024 16:51:41 -0500
Subject: [PATCH 19/22] Added .amplifyignore

---
 .amplifyignore | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .amplifyignore

diff --git a/.amplifyignore b/.amplifyignore
new file mode 100644
index 00000000000..6a1e48ad452
--- /dev/null
+++ b/.amplifyignore
@@ -0,0 +1 @@
+routes/*.ts
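Review bot: `routes/*.ts` excludes every route handler under `routes/` from the scanner, which is precisely the request-facing code where the series' own SQL-interpolation finding in `routes/search.ts` lives, so this new file silences that finding and any future one in a route wholesale. An ignore file should name the specific path and, where the format allows, the reason, e.g. `# intentional training vulnerabilities, see vuln-code-snippet markers` followed by `routes/search.ts`, rather than a glob over the whole directory. Whether this ignore format supports comment lines is not visible here; if it does not, the rationale belongs in the commit message, which currently only says "Added .amplifyignore".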

From 0cff134ba7d6384fb2c84611796e1679391556e4 Mon Sep 17 00:00:00 2001
From: Michael Fox <mfox@amplify.security>
Date: Thu, 9 May 2024 17:03:57 -0500
Subject: [PATCH 20/22] updated .amplifyignore

---
 .amplifyignore | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.amplifyignore b/.amplifyignore
index 6a1e48ad452..90659d69755 100644
--- a/.amplifyignore
+++ b/.amplifyignore
@@ -1 +1 @@
-routes/*.ts
+routes/*.js
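Review bot: Changing the pattern to `routes/*.js` no longer matches the TypeScript sources this series edits (`routes/search.ts`), so unless the scanner runs against compiled output the file now excludes nothing — which may be the intent, but the commit message "updated .amplifyignore" does not say. If the goal was to stop ignoring the route handlers, deleting the file is clearer than leaving a pattern that matches no checked-in source; if compiled `.js` output is what is meant, naming the build directory the scanner actually sees would make that explicit.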

From 41c57bbc107a76dcb03f6411297f37f9e28b8284 Mon Sep 17 00:00:00 2001
From: Michael Fox <mfox@amplify.security>
Date: Thu, 23 May 2024 13:43:20 -0500
Subject: [PATCH 21/22] ignoring SQL injection

---
 routes/search.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/routes/search.ts b/routes/search.ts
index ded568c390e..cbdc39c6f3a 100644
--- a/routes/search.ts
+++ b/routes/search.ts
@@ -19,7 +19,7 @@ module.exports = function searchProducts() {
   return (req: Request, res: Response, next: NextFunction) => {
     let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
-    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`)
+    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // @amplify-ignore
       .then(([products]: any) => {
         const dataString = JSON.stringify(products)
         if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start

From 8b20ccbab74ac108eb4aa41c826d81ba6264ea9a Mon Sep 17 00:00:00 2001
From: Michael Fox <mfox@amplify.security>
Date: Thu, 23 May 2024 14:02:45 -0500
Subject: [PATCH 22/22] removing vuln ignore

---
 routes/search.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/routes/search.ts b/routes/search.ts
index cbdc39c6f3a..ded568c390e 100644
--- a/routes/search.ts
+++ b/routes/search.ts
@@ -19,7 +19,7 @@ module.exports = function searchProducts() {
   return (req: Request, res: Response, next: NextFunction) => {
     let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
     criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
-    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // @amplify-ignore
+    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`)
       .then(([products]: any) => {
         const dataString = JSON.stringify(products)
         if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start