
Commit 5e25e0c

committed
Dylan Fixing Issues
1 parent e667c73 commit 5e25e0c


3 files changed

+132
-48
lines changed


package-lock.json

Lines changed: 123 additions & 8 deletions

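--- a/package.json
+++ b/package.json
@@ -15,7 +15,7 @@
 "test": "snyk test"
 },
 "dependencies": {
-"adm-zip": "0.4.7",
+"adm-zip": "0.5.2",
 "body-parser": "1.9.0",
 "cfenv": "^1.0.4",
 "consolidate": "0.14.5",
@@ -46,7 +46,8 @@
 "stream-buffers": "^3.0.1",
 "tap": "^11.1.3",
 "typeorm": "^0.2.24",
-"validator": "^13.5.2"
+"validator": "^13.5.2",
+"stimulus_reflex": "3.4.1"
 },
 "devDependencies": {
 "browserify": "^13.1.1",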
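Review bot: `"stimulus_reflex": "3.4.1"` is appended after `"validator"` in the second hunk, which breaks the alphabetical ordering the rest of the dependency map keeps, and nothing in the visible hunks of this commit requires it. If it is meant as a deliberately pinned dependency for `snyk test` to report on, move it above `"stream-buffers": "^3.0.1"` and state that intent in the commit message or README, since JSON cannot carry a comment next to the entry. The adm-zip bump to 0.5.2 in the first hunk needs no further change.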

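--- a/routes/index.js
+++ b/routes/index.js
@@ -34,43 +34,8 @@ exports.index = function (req, res, next) {
 });
 };
 
-// Vulnerable code:
-
-exports.loginHandler = function (req, res, next) {
-if (validator.isEmail(req.body.username)) {
-User.find({ username: req.body.username, password: req.body.password }, function (err, users) {
-if (users.length > 0) {
-const redirectPage = req.body.redirectPage
-const session = req.session
-const username = req.body.username
-return adminLoginSuccess(redirectPage, session, username, res)
-} else {
-return res.status(401).send()
-}
-});
-} else {
-return res.status(401).send()
-}
-};
-
-
-if (validator.isEmail(req.body.username)) {
-User.find({ username: req.body.username, password: req.body.password }, function (err, users) {
-if (users.length > 0) {
-const redirectPage = req.body.redirectPage
-const session = req.session
-const username = req.body.username
-return adminLoginSuccess(redirectPage, session, username, res)
-} else {
-return res.status(401).send()
-}
-});
-} else {
-return res.status(401).send()
-};
-
 // Fixed code: validator.escape() is used to sanitize the input parameters (username and password) before using them in the database query.
-/*
+
 exports.loginHandler = function (req, res, next) {
 // Validate if the username is in email format
 if (validator.isEmail(req.body.username)) {
@@ -98,7 +63,7 @@ exports.loginHandler = function (req, res, next) {
 return res.status(401).send("Unauthorized");
 }
 };
-*/
+
 
 function adminLoginSuccess(redirectPage, session, username, res) {
 session.loggedIn = 1
@@ -356,7 +321,10 @@ exports.about_new = function (req, res, next) {
 };
 
 // Add new Vulnerable code:
-
+exports.vulnerable_xss_reflected = function (req, res) {
+const userInput = req.query.name;
+res.send(`<h1>Hello ${userInput}</h1>`);
+};
 
 
 // Prototype Pollution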
