diff --git a/.amplifyignore b/.amplifyignore new file mode 100644 index 00000000000..90659d69755 --- /dev/null +++ b/.amplifyignore @@ -0,0 +1 @@ +routes/*.js diff --git a/Gruntfile.js b/Gruntfile.js index a6b6bcac0ce..1005f5e5167 100644 --- a/Gruntfile.js +++ b/Gruntfile.js @@ -84,3 +84,5 @@ module.exports = function (grunt) { grunt.loadNpmTasks('grunt-contrib-compress') grunt.registerTask('package', ['replace_json:manifest', 'compress:pckg', 'checksum']) } + +// Gruntfile.js diff --git a/routes/search.ts b/routes/search.ts index f831e4b3828..ded568c390e 100644 --- a/routes/search.ts +++ b/routes/search.ts @@ -2,14 +2,72 @@ * Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors. * SPDX-License-Identifier: MIT */ +import models = require('../models/index') import { Request, Response, NextFunction } from 'express' +import { UserModel } from '../models/user' + +import * as utils from '../lib/utils' +const challengeUtils = require('../lib/challengeUtils') +const challenges = require('../data/datacache').challenges + +class ErrorWithParent extends Error { + parent: Error | undefined +} // vuln-code-snippet start unionSqlInjectionChallenge dbSchemaChallenge module.exports = function searchProducts() { return (req: Request, res: Response, next: NextFunction) => { let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? '' criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200) - console.log(criteria) + models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) + .then(([products]: any) => { + const dataString = JSON.stringify(products) + if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start + let solved = true + UserModel.findAll().then(data => { + const users = utils.queryResultToJson(data) + if (users.data?.length) { + for (let i = 0; i < users.data.length; i++) { + solved = solved && utils.containsOrEscaped(dataString, users.data[i].email) && utils.contains(dataString, users.data[i].password) + if (!solved) { + break + } + } + if (solved) { + challengeUtils.solve(challenges.unionSqlInjectionChallenge) + } + } + }).catch((error: Error) => { + next(error) + }) + } + if (challengeUtils.notSolved(challenges.dbSchemaChallenge)) { + let solved = true + models.sequelize.query('SELECT sql FROM sqlite_master').then(([data]: any) => { + const tableDefinitions = utils.queryResultToJson(data) + if (tableDefinitions.data?.length) { + for (let i = 0; i < tableDefinitions.data.length; i++) { + if (tableDefinitions.data[i].sql) { + solved = solved && utils.containsOrEscaped(dataString, tableDefinitions.data[i].sql) + if (!solved) { + break + } + } + } + if (solved) { + challengeUtils.solve(challenges.dbSchemaChallenge) + } + } + }) + } // vuln-code-snippet hide-end + for (let i = 0; i < products.length; i++) { + products[i].name = req.__(products[i].name) + products[i].description = req.__(products[i].description) + } + res.json(utils.queryResultToJson(products)) + }).catch((error: ErrorWithParent) => { + next(error.parent) + }) } } // vuln-code-snippet end unionSqlInjectionChallenge dbSchemaChallenge