[Local] Test after project delete #146
Conversation
![Amplify [Lab]](https://avatars.githubusercontent.com/in/347747?s=40&u=f167c38980969fad1d181fdacb66403b97c6399a&v=4){kind=avatar}
✨ Amplify has finished checking this pull requestSecurity Pipeline
Vulnerabilities Detected
Note To ignore a finding, append |
![amplify-lab[bot]](https://avatars.githubusercontent.com/in/347747?s=60&v=4){kind=small}
| models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) | ||
| .then(([products]: any) => { |
There was a problem hiding this comment.
Warning
Amplify has been notified that this line contains a vulnerability 🕷️.
Vulnerability: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Impact: MEDIUM
Code Fix: ✅
Amplify Security has prepared an automated remediation for review. Click here to review and commit the code fix.
| models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) | |
| .then(([products]: any) => { | |
| models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE ? OR description LIKE ?) AND deletedAt IS NULL) ORDER BY name`, { | |
| replacements: [`%${criteria}%`, `%${criteria}%`], | |
| type: models.sequelize.QueryTypes.SELECT | |
| }) | |
| .then((products: any) => { |
The code change fixes the 'Cross-site Scripting' vulnerability by properly neutralizing the input before using it in the SQL query.
In the original code, the criteria variable is directly concatenated into the SQL query string using string interpolation (%${criteria}%). This can allow an attacker to inject malicious code into the query, leading to a potential XSS vulnerability.
The code change replaces the string interpolation with parameterized queries. The replacements option is used to pass the criteria value as a parameter to the query. This ensures that the input is properly escaped and prevents any potential injection attacks.
By using parameterized queries, the code change mitigates the risk of XSS vulnerabilities by properly handling user input in the SQL query.
Note
Have a question or concern about this vulnerability fix? Get an answer within seconds by asking our Concierge 🤖 with @amplify-security.
i.e. @amplify-security are there known performance issues resulting from this fix?
|
|
||
| // vuln-code-snippet start unionSqlInjectionChallenge dbSchemaChallenge | ||
| module.exports = function searchProducts() { | ||
| return (req: Request, res: Response, next: NextFunction) => { | ||
| let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? '' | ||
| criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200) | ||
| console.log(criteria) | ||
| models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) |
There was a problem hiding this comment.
Warning
Amplify has been notified that this line contains a vulnerability 🕷️.
Vulnerability: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Impact: HIGH
Code Fix: ✅
Amplify Security has prepared an automated remediation for review. Click here to review and commit the code fix.
| models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) | |
| models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE :criteria OR description LIKE :criteria) AND deletedAt IS NULL) ORDER BY name`, { replacements: { criteria: `%${criteria}%` } }) |
The code change fixes the SQL Injection vulnerability by using parameterized queries instead of directly concatenating user input into the SQL query string.
In the original code, the user input criteria is directly interpolated into the SQL query string using string concatenation. This allows an attacker to manipulate the input and inject malicious SQL code, potentially leading to unauthorized access or data manipulation.
In the fixed code, the criteria value is passed as a named parameter :criteria in the SQL query string. The actual value of criteria is provided separately as a replacement value in the replacements object. This ensures that the user input is treated as a parameter and not as part of the SQL query itself, preventing SQL Injection attacks.
By using parameterized queries, the code ensures that user input is properly sanitized and escaped, reducing the risk of SQL Injection vulnerabilities.
For more information on SQL Injection and how to prevent it, you can refer to the OWASP SQL Injection Prevention Cheat Sheet: OWASP SQL Injection Prevention Cheat Sheet
Note
Have a question or concern about this vulnerability fix? Get an answer within seconds by asking our Concierge 🤖 with @amplify-security.
i.e. @amplify-security are there known performance issues resulting from this fix?
Description
A clear and concise summary of the change and which issue (if any) it fixes. Should also include relevant motivation and context.
Resolved or fixed issue:
Affirmation