format files
philipp.delmonego committed Nov 14, 2023
1 parent 792f46f commit df5207c
Showing 4 changed files with 38 additions and 26 deletions.
Expand Up @@ -2,17 +2,17 @@

import javax.persistence.*;


/** @author [email protected] KSASAN */
@Access(AccessType.FIELD)
@Entity
@Table(name = "cars")
@NamedQuery( name="findById", query = "select c from CarInformation c where c.id=:id")
@NamedQuery(name = "findById", query = "select c from CarInformation c where c.id=:id")
public class CarInformation {

@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private int id;

private String name;

@Column(name = "IMAGE")
@@ -1,8 +1,7 @@
package org.sasanlabs.service.vulnerability.sqlInjection;

import org.springframework.data.jpa.repository.JpaRepository;

import java.util.Optional;
import org.springframework.data.jpa.repository.JpaRepository;

public interface CarInformationRepository extends JpaRepository<CarInformation, Integer> {

Expand Up @@ -4,7 +4,11 @@
import java.sql.SQLException;
import java.util.Map;
import java.util.Optional;

import javax.persistence.EntityManager;
import javax.persistence.TypedQuery;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Root;
import org.sasanlabs.internal.utility.LevelConstants;
import org.sasanlabs.internal.utility.Variant;
import org.sasanlabs.internal.utility.annotations.AttackVector;
Expand All @@ -20,12 +24,6 @@
import org.springframework.jdbc.core.namedparam.SqlParameterSource;
import org.springframework.web.bind.annotation.RequestParam;

import javax.persistence.EntityManager;
import javax.persistence.TypedQuery;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Root;

/**
* Union Based SQL Injection is another dangerous way to extract data from the database by combining
* results of multiple queries. This is the second way which is generally tried by the hackers after
Expand All @@ -44,7 +42,10 @@ public class UnionBasedSQLInjectionVulnerability {
private final EntityManager entityManager;

public UnionBasedSQLInjectionVulnerability(
@Qualifier("applicationJdbcTemplate") final JdbcTemplate applicationJdbcTemplate, NamedParameterJdbcTemplate namedParameterJdbcTemplate, CarInformationRepository carInformationRepository, EntityManager entityManager) {
@Qualifier("applicationJdbcTemplate") final JdbcTemplate applicationJdbcTemplate,
NamedParameterJdbcTemplate namedParameterJdbcTemplate,
CarInformationRepository carInformationRepository,
EntityManager entityManager) {
this.applicationJdbcTemplate = applicationJdbcTemplate;
this.namedParameterJdbcTemplate = namedParameterJdbcTemplate;
this.carInformationRepository = carInformationRepository;
Expand Down Expand Up @@ -117,12 +118,12 @@ public ResponseEntity<CarInformation> getCarInformationLevel5(
@RequestParam final Map<String, String> queryParams) {
final String id = queryParams.get("id");
SqlParameterSource namedParameters = new MapSqlParameterSource().addValue("id", id);
CarInformation s = namedParameterJdbcTemplate.queryForObject(
"select * from cars where id=:id", namedParameters, CarInformation.class);
CarInformation s =
namedParameterJdbcTemplate.queryForObject(
"select * from cars where id=:id", namedParameters, CarInformation.class);
return new ResponseEntity<>(s, HttpStatus.OK);
}


@VulnerableAppRequestMapping(
value = LevelConstants.LEVEL_6,
variant = Variant.SECURE,
Expand All @@ -131,8 +132,10 @@ public ResponseEntity<CarInformation> getCarInformationLevel6(
@RequestParam final Map<String, String> queryParams) {
final String id = queryParams.get("id");
String jql = "from CarInformation where id = :id";
TypedQuery<CarInformation> q = entityManager.createQuery(jql, CarInformation.class)
.setParameter("id", Integer.valueOf(id));
TypedQuery<CarInformation> q =
entityManager
.createQuery(jql, CarInformation.class)
.setParameter("id", Integer.valueOf(id));
return new ResponseEntity<>(q.getSingleResult(), HttpStatus.OK);
}

Expand Down Expand Up @@ -161,8 +164,10 @@ public ResponseEntity<CarInformation> getCarInformationLevel7(
public ResponseEntity<CarInformation> getCarInformationLevel8(
@RequestParam final Map<String, String> queryParams) {
final String id = queryParams.get("id");
TypedQuery<CarInformation> q = entityManager.createNamedQuery("findById", CarInformation.class)
.setParameter("id", Integer.valueOf(id));
TypedQuery<CarInformation> q =
entityManager
.createNamedQuery("findById", CarInformation.class)
.setParameter("id", Integer.valueOf(id));
return new ResponseEntity<>(q.getSingleResult(), HttpStatus.OK);
}

Expand All @@ -173,8 +178,11 @@ public ResponseEntity<CarInformation> getCarInformationLevel8(
public ResponseEntity<CarInformation> getCarInformationLevel9(
@RequestParam final Map<String, String> queryParams) {
final String id = queryParams.get("id");
Optional<CarInformation> carInformation = carInformationRepository.findById(Integer.valueOf(id));
return carInformation.map(information -> new ResponseEntity<>(information, HttpStatus.OK)).orElseGet(() -> new ResponseEntity<>(HttpStatus.NOT_FOUND));
Optional<CarInformation> carInformation =
carInformationRepository.findById(Integer.valueOf(id));
return carInformation
.map(information -> new ResponseEntity<>(information, HttpStatus.OK))
.orElseGet(() -> new ResponseEntity<>(HttpStatus.NOT_FOUND));
}

private ResponseEntity<CarInformation> resultSetToResponse(final ResultSet rs)
Expand Up @@ -7,7 +7,7 @@
import java.util.Collections;
import java.util.Map;
import java.util.Objects;

import javax.persistence.EntityManager;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentMatcher;
Expand All @@ -18,8 +18,6 @@
import org.springframework.jdbc.core.namedparam.MapSqlParameterSource;
import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;

import javax.persistence.EntityManager;

class UnionBasedSQLInjectionVulnerabilityTest {

private UnionBasedSQLInjectionVulnerability unionBasedSQLInjectionVulnerability;
Expand All @@ -46,7 +44,12 @@ void setUp() {
(PreparedStatementSetter) any(),
(ResultSetExtractor<? extends Object>) any());

unionBasedSQLInjectionVulnerability = new UnionBasedSQLInjectionVulnerability(template, namedParameterJdbcTemplate, carInformationRepository, entityManager);
unionBasedSQLInjectionVulnerability =
new UnionBasedSQLInjectionVulnerability(
template,
namedParameterJdbcTemplate,
carInformationRepository,
entityManager);
}

@Test
Expand Down Expand Up @@ -114,7 +117,9 @@ void getCarInformationLevel5_ExpectParamEscaped() {
final String id = "1' UNION SELECT * FROM cars; --";
unionBasedSQLInjectionVulnerability.getCarInformationLevel5(params);
// Assert
ArgumentMatcher<MapSqlParameterSource> argumentMatcher = sqlParameterSource -> Objects.requireNonNull(sqlParameterSource.getValue("id").equals(id));
ArgumentMatcher<MapSqlParameterSource> argumentMatcher =
sqlParameterSource ->
Objects.requireNonNull(sqlParameterSource.getValue("id").equals(id));
verify(namedParameterJdbcTemplate)
.queryForObject(
eq("select * from cars where id=:id"),
