Merge pull request #25 from jinmok-cycode/master-cycode-fix-suggestio…

…n-59be73 [Cycode] Fix for SAST detections - Unsanitized input in SQL query
jinmok-cycode · Aug 1, 2024 · 50c4e38 · 50c4e38
2 parents f5083d8 + e71e94b
commit 50c4e38
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/data/static/codefixes/loginJimChallenge_4.ts b/data/static/codefixes/loginJimChallenge_4.ts
@@ -12,12 +12,14 @@ module.exports = function login () {
         next(error)
       })
   }
-
-  return (req: Request, res: Response, next: NextFunction) => {
+return (req: Request, res: Response, next: NextFunction) => {
     if (req.body.email.match(/.*['-;].*/) || req.body.password.match(/.*['-;].*/)) {
       res.status(451).send(res.__('SQL Injection detected.'))
     }
-    models.sequelize.query(`SELECT * FROM Users WHERE email = '${req.body.email || ''}' AND password = '${security.hash(req.body.password || '')}' AND deletedAt IS NULL`, { model: models.User, plain: true })
+    const email = req.body.email || '';
+    const hashedPassword = security.hash(req.body.password || '');
+    const sqlQuery = `SELECT * FROM Users WHERE email = ? AND password = ? AND deletedAt IS NULL`;
+    models.sequelize.query(sqlQuery, { replacements: [email, hashedPassword], model: models.User, plain: true })
       .then((authenticatedUser) => {
         const user = utils.queryResultToJson(authenticatedUser)
         if (user.data?.id && user.data.totpSecret !== '') {
@@ -38,4 +40,4 @@ module.exports = function login () {
       }).catch((error: Error) => {
         next(error)
       })
-  }
+  }