From e71e94b1e225e29e491b29e9308c6692ede7b969 Mon Sep 17 00:00:00 2001
From: "cycode-security[bot]" <54410473+cycode-security[bot]@users.noreply.github.com>
Date: Thu, 1 Aug 2024 02:22:59 +0000
Subject: [PATCH] [Cycode] Fix for SAST detections - Unsanitized input in SQL query
---
 data/static/codefixes/loginJimChallenge_4.ts | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/data/static/codefixes/loginJimChallenge_4.ts b/data/static/codefixes/loginJimChallenge_4.ts
index 3dac4465ad8..3246a587484 100644
--- a/data/static/codefixes/loginJimChallenge_4.ts
+++ b/data/static/codefixes/loginJimChallenge_4.ts
@@ -12,12 +12,14 @@ module.exports = function login () {
 next(error)
 })
 }
-
- return (req: Request, res: Response, next: NextFunction) => {
+return (req: Request, res: Response, next: NextFunction) => {
 if (req.body.email.match(/.*['-;].*/) || req.body.password.match(/.*['-;].*/)) {
 res.status(451).send(res.__('SQL Injection detected.'))
 }
- models.sequelize.query(`SELECT * FROM Users WHERE email = '${req.body.email || ''}' AND password = '${security.hash(req.body.password || '')}' AND deletedAt IS NULL`, { model: models.User, plain: true })
+ const email = req.body.email || '';
+ const hashedPassword = security.hash(req.body.password || '');
+ const sqlQuery = `SELECT * FROM Users WHERE email = ? AND password = ? AND deletedAt IS NULL`;
+ models.sequelize.query(sqlQuery, { replacements: [email, hashedPassword], model: models.User, plain: true })
 .then((authenticatedUser) => {
 const user = utils.queryResultToJson(authenticatedUser)
 if (user.data?.id && user.data.totpSecret !== '') {
@@ -38,4 +40,4 @@ module.exports = function login () {
 }).catch((error: Error) => {
 next(error)
 })
- }
\ No newline at end of file
+ }
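Review bot: The blocklist guard at the top of the returned handler still falls through after `res.status(451).send(...)`, so a flagged request goes on to run the now-parameterized query and the handler later tries to send a second response; the branch should read `return res.status(451).send(res.__('SQL Injection detected.'))`. The character class in `/.*['-;].*/` is also a range from `'` (0x27) to `;` (0x3B), which covers every digit plus `.`, `,`, `/` and `:`, so any email or password containing a digit is rejected with 451 — with `replacements` in place this heuristic adds no protection and can be dropped, or at least written as `/['\-;]/` if it is kept. Note too that `req.body.email.match(...)` throws when `email` is absent, even though the added lines default it with `|| ''` immediately afterwards. Separately, the path `data/static/codefixes/` suggests this file is a coding-challenge fixture whose vulnerable variants are intentional teaching content — if so, auto-fixing it changes the exercise rather than hardening the app, which the maintainers should confirm. On style, the new `return (req: Request, …` line lost its two-space indent and the added lines end in semicolons while the surrounding code does not.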