Cette page n'est pas encore disponible en français, sa traduction est en cours. Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.
Metadata
ID:javascript-node-security/sql-injection
Language: JavaScript
Severity: Error
Category: Security
Description
Check for variable declarations in a SQL statement where there is potential for SQL injections.
module.exports=functionsearchProducts(){return(req:Request,res:Response,next:NextFunction)=>{letcriteria:any=req.query.q==='undefined'?'':req.query.q??''criteria=(criteria.length<=200)?criteria:criteria.substring(0,200)// only allow apple or orange related searches
if(!criteria.startsWith("apple")||!criteria.startsWith("orange")){res.status(400).send()return}models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`).then(([products]:any)=>{constdataString=JSON.stringify(products)for(leti=0;i<products.length;i++){products[i].name=req.__(products[i].name)products[i].description=req.__(products[i].description)}res.json(utils.queryResultToJson(products))}).catch((error:ErrorWithParent)=>{next(error.parent)})}}
module.exports=functionsearchProducts(){return(req:Request,res:Response,next:NextFunction)=>{letcriteria:any=req.query.q==='undefined'?'':req.query.q??''criteria=(criteria.length<=200)?criteria:criteria.substring(0,200)criteria.replace(/"|'|;|and|or/i,"")models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`).then(([products]:any)=>{constdataString=JSON.stringify(products)for(leti=0;i<products.length;i++){products[i].name=req.__(products[i].name)products[i].description=req.__(products[i].description)}res.json(utils.queryResultToJson(products))}).catch((error:ErrorWithParent)=>{next(error.parent)})}}
constinjectionChars=/"|'|;|and|or|;|#/i;module.exports=functionsearchProducts(){return(req:Request,res:Response,next:NextFunction)=>{letcriteria:any=req.query.q==='undefined'?'':req.query.q??''criteria=(criteria.length<=200)?criteria:criteria.substring(0,200)if(criteria.match(injectionChars)){res.status(400).send()return}models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`).then(([products]:any)=>{constdataString=JSON.stringify(products)for(leti=0;i<products.length;i++){products[i].name=req.__(products[i].name)products[i].description=req.__(products[i].description)}res.json(utils.queryResultToJson(products))}).catch((error:ErrorWithParent)=>{next(error.parent)})}}
module.exports=functionsearchProducts(){return(req:Request,res:Response,next:NextFunction)=>{letcriteria:any=req.query.q==='undefined'?'':req.query.q??''criteria=(criteria.length<=200)?criteria:criteria.substring(0,200)models.sequelize.query("SELECT * FROM Products WHERE ((name LIKE '%"+criteria+"%' OR description LIKE '%"+criteria+"%') AND deletedAt IS NULL) ORDER BY name").then(([products]:any)=>{constdataString=JSON.stringify(products)for(leti=0;i<products.length;i++){products[i].name=req.__(products[i].name)products[i].description=req.__(products[i].description)}res.json(utils.queryResultToJson(products))}).catch((error:ErrorWithParent)=>{next(error.parent)})}}
varexpress=require('express')varapp=express()constSequelize=require('sequelize');constsequelize=newSequelize('database','username','password',{dialect:'sqlite',storage:'data/juiceshop.sqlite'});app.post('/login',function(req,res){sequelize.query('SELECT * FROM Products WHERE name LIKE '+req.body.username);})app.post('/update',function(req,res){sequelize.query('UPDATE products SET bla=bli WHERE name LIKE '+req.body.username);})app.post('/remove',function(req,res){sequelize.query('DELETE FROM product WHERE name LIKE '+req.body.username);})
constexpress=require('express');constrouter=express.Router()constconfig=require('../../config')constmysql=require('mysql');constconnection=mysql.createConnection({host:config.MYSQL_HOST,port:config.MYSQL_PORT,user:config.MYSQL_USER,password:config.MYSQL_PASSWORD,database:config.MYSQL_DB_NAME,});connection.connect();router.get('/example1/user/:id',(req,res)=>{letuserId=req.params.id;letquery={sql:"SELECT * FROM users WHERE id="+userId}connection.query(query,(err,result)=>{res.json(result);});})router.get('/example2/user/:id',(req,res)=>{letuserId=req.params.id;connection.query("SELECT * FROM users WHERE id="+userId,(err,result)=>{res.json(result);});})router.get('/example3/user/:id',(req,res)=>{letuserId=req.params.id;connection.query({sql:"SELECT * FROM users WHERE id="+userId},(err,result)=>{res.json(result);});})module.exports=router
Compliant Code Examples
import{BasketModel}from"../../../models/basket";module.exports=functionlogin(){functionafterLogin(user:{data:User,bid:number},res:Response,next:NextFunction){BasketModel.findOrCreate({where:{UserId:user.data.id}}).then(([basket]:[BasketModel,boolean])=>{consttoken=security.authorize(user)user.bid=basket.id// keep track of original basket
security.authenticatedUsers.put(token,user)res.json({authentication:{token,bid:basket.id,umail:user.data.email}})}).catch((error:Error)=>{next(error)})}return(req:Request,res:Response,next:NextFunction)=>{models.sequelize.query(`SELECT * FROM Users WHERE email = $1 AND password = $2 AND deletedAt IS NULL`,{bind:[req.body.email,req.body.password],model:models.User,plain:true}).then((authenticatedUser:{data:User})=>{constuser=utils.queryResultToJson(authenticatedUser)if(user.data?.id&&user.data.totpSecret!==''){res.status(401).json({status:'totp_token_required',data:{tmpToken:security.authorize({userId:user.data.id,type:'password_valid_needs_second_factor_token'})}})}elseif(user.data?.id){afterLogin(user,res,next)}else{res.status(401).send(res.__('Invalid email or password.'))}}).catch((error:Error)=>{next(error)})}
import{BasketModel}from"../../../models/basket";module.exports=functionlogin(){functionafterLogin(user:{data:User,bid:number},res:Response,next:NextFunction){BasketModel.findOrCreate({where:{UserId:user.data.id}}).then(([basket]:[BasketModel,boolean])=>{consttoken=security.authorize(user)user.bid=basket.id// keep track of original basket
security.authenticatedUsers.put(token,user)res.json({authentication:{token,bid:basket.id,umail:user.data.email}})}).catch((error:Error)=>{next(error)})}return(req:Request,res:Response,next:NextFunction)=>{models.sequelize.query('SELECT * FROM Users WHERE email = $1 AND password = $2 AND deletedAt IS NULL',{bind:[req.body.email,req.body.password],model:models.User,plain:true}).then((authenticatedUser:{data:User})=>{constuser=utils.queryResultToJson(authenticatedUser)if(user.data?.id&&user.data.totpSecret!==''){res.status(401).json({status:'totp_token_required',data:{tmpToken:security.authorize({userId:user.data.id,type:'password_valid_needs_second_factor_token'})}})}elseif(user.data?.id){afterLogin(user,res,next)}else{res.status(401).send(res.__('Invalid email or password.'))}}).catch((error:Error)=>{next(error)})}
Seamless integrations. Try Datadog Code Analysis
Datadog Code Analysis
Try this rule and analyze your code with Datadog Code Analysis
How to use this rule
1
2
rulesets:- javascript-node-security # Rules to enforce JavaScript node security.
Create a static-analysis.datadog.yml with the content above at the root of your repository
Use our free IDE Plugins or add Code Analysis scans to your CI pipelines
