Partner Login for NewPortal (DO NOT MERGE - DEMO EXAMPLE OF PR) #33
Conversation
⛔ Snyk checks have failed. 1 issues have been found so far.
✅ security/snyk check is complete. No issues have been found. (View Details) ✅ license/snyk check is complete. No issues have been found. (View Details) ⛔ code/snyk check is complete. 1 issues have been found. (View Details) |
|
|
||
| return (req: Request, res: Response, next: NextFunction) => { | ||
| verifyPreLoginChallenges(req) // vuln-code-snippet hide-line | ||
| models.sequelize.query(`SELECT * FROM Users WHERE email = '${req.body.email || ''}' AND password = '${security.hash(req.body.password || '')}' AND deletedAt IS NULL`, { model: UserModel, plain: true }) // vuln-code-snippet vuln-line loginAdminChallenge loginBenderChallenge loginJimChallenge |
There was a problem hiding this comment.
SQL Injection
Unsanitized input from the HTTP request body flows into query, where it is used in an SQL query. This may result in an SQL Injection vulnerability.
Line 36 | CWE-89 | Priority score 773 | Learn more about this vulnerability
Data flow: 5 steps
Step 1 - 3
juice-shop-goof/routes/loginPartner.ts
Line 61 in 202f681
Step 4 - 5
juice-shop-goof/routes/loginPartner.ts
Line 36 in 202f681
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
|
||
| return (req: Request, res: Response, next: NextFunction) => { | ||
| verifyPreLoginChallenges(req) // vuln-code-snippet hide-line | ||
| models.sequelize.query(`SELECT * FROM Users WHERE email = '${req.body.email || ''}' AND password = '${security.hash(req.body.password || '')}' AND deletedAt IS NULL`, { model: UserModel, plain: true }) // vuln-code-snippet vuln-line loginAdminChallenge loginBenderChallenge loginJimChallenge |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 10 days ago
To fix the problem, we should use query parameters to safely embed the user-provided data into the SQL query. This approach prevents SQL injection by ensuring that the user input is treated as data rather than executable code. Specifically, we will modify the query on line 36 to use parameterized queries provided by the Sequelize library.
| @@ -35,3 +35,7 @@ | ||
| verifyPreLoginChallenges(req) // vuln-code-snippet hide-line | ||
| models.sequelize.query(`SELECT * FROM Users WHERE email = '${req.body.email || ''}' AND password = '${security.hash(req.body.password || '')}' AND deletedAt IS NULL`, { model: UserModel, plain: true }) // vuln-code-snippet vuln-line loginAdminChallenge loginBenderChallenge loginJimChallenge | ||
| models.sequelize.query('SELECT * FROM Users WHERE email = ? AND password = ? AND deletedAt IS NULL', { | ||
| replacements: [req.body.email || '', security.hash(req.body.password || '')], | ||
| model: UserModel, | ||
| plain: true | ||
| }) // vuln-code-snippet vuln-line loginAdminChallenge loginBenderChallenge loginJimChallenge | ||
| .then((authenticatedUser: { data: User }) => { // vuln-code-snippet neutral-line loginAdminChallenge loginBenderChallenge loginJimChallenge |
new partner login
Description
A clear and concise summary of the change and which issue (if any) it fixes. Should also include relevant motivation and context.
Resolved or fixed issue:
Affirmation