juice-shop
74 строки · 3.1 Кб
1/*
2* Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
3* SPDX-License-Identifier: MIT
4*/
5
6import * as models from '../models/index'7import { type Request, type Response, type NextFunction } from 'express'8import { UserModel } from '../models/user'9import { challenges } from '../data/datacache'10
11import * as utils from '../lib/utils'12const challengeUtils = require('../lib/challengeUtils')13
14class ErrorWithParent extends Error {15parent: Error | undefined16}
17
18// vuln-code-snippet start unionSqlInjectionChallenge dbSchemaChallenge
19module.exports = function searchProducts () {20return (req: Request, res: Response, next: NextFunction) => {21let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''22criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)23models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge24.then(([products]: any) => {25const dataString = JSON.stringify(products)26if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start27let solved = true28UserModel.findAll().then(data => {29const users = utils.queryResultToJson(data)30if (users.data?.length) {31for (let i = 0; i < users.data.length; i++) {32solved = solved && utils.containsOrEscaped(dataString, users.data[i].email) && utils.contains(dataString, users.data[i].password)33if (!solved) {34break35}36}37if (solved) {38challengeUtils.solve(challenges.unionSqlInjectionChallenge)39}40}41}).catch((error: Error) => {42next(error)43})44}45if (challengeUtils.notSolved(challenges.dbSchemaChallenge)) {46let solved = true47void models.sequelize.query('SELECT sql FROM sqlite_master').then(([data]: any) => {48const tableDefinitions = utils.queryResultToJson(data)49if (tableDefinitions.data?.length) {50for (let i = 0; i < tableDefinitions.data.length; i++) {51if (tableDefinitions.data[i].sql) {52solved = solved && utils.containsOrEscaped(dataString, tableDefinitions.data[i].sql)53if (!solved) {54break55}56}57}58if (solved) {59challengeUtils.solve(challenges.dbSchemaChallenge)60}61}62})63} // vuln-code-snippet hide-end64for (let i = 0; i < products.length; i++) {65products[i].name = req.__(products[i].name)66products[i].description = req.__(products[i].description)67}68res.json(utils.queryResultToJson(products))69}).catch((error: ErrorWithParent) => {70next(error.parent)71})72}73}
74// vuln-code-snippet end unionSqlInjectionChallenge dbSchemaChallenge
75