Conversation

@dunningdan (Collaborator)
This endpoint is intentionally vulnerable for security scanning demos. It uses direct string concatenation in SQL queries, making it susceptible to SQL injection attacks.

🤖 Generated with Claude Code

Thank you for submitting a pull request to the WebGoat!

+ "%'";

Statement statement = connection.createStatement();
ResultSet resultSet = statement.executeQuery(vulnerableQuery);

Check failure

Code scanning / SonarCloud

Database queries should not be vulnerable to injection attacks High

Change this code to not construct SQL queries directly from user-controlled data. See more on SonarQube Cloud
@dunningdan dunningdan marked this pull request as draft November 7, 2025 17:06
@dunningdan dunningdan marked this pull request as ready for review November 7, 2025 17:07
This endpoint is intentionally vulnerable for security scanning demos.
It uses direct string concatenation in SQL queries, making it susceptible
to SQL injection attacks.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
@dunningdan dunningdan force-pushed the demo/sql-injection-clean branch from 672eec1 to 7e11c5c November 7, 2025 17:09
Changed polaris_assessment_types from "SCA,SAST" to "SAST" only
for both full scan and PR scan steps.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

sonarqubecloud bot commented Nov 7, 2025

Quality Gate failed

Failed conditions
1 Security Hotspot
E Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud


.feedback("Found " + count + " user(s):\n" + results.toString())
.build();
} else {
return success(this).feedback("No users found matching: " + searchTerm).build();

Auto-generated PR comment (Polaris)

Polaris SAST Issue - Improper Resource Shutdown or Release

High CWE-404
Leak of a system resource

The system resource will not be reclaimed and reused, reducing the future availability of the resource.

How to fix

The application must shut down or close any opened resource (such as a database connection, file handle, or input/output stream) after it is finished using that resource. The implementation should account for all possible execution paths where use of a resource ceases, including when exceptions occur.

Where possible, it is recommended to use the dispose pattern provided by the language or framework in question, e.g., the "using" statement in C# or the "try-with-resources" statement in Java to ensure a disposable or closeable object is disposed or closed on all paths exiting a block, including exception cases. Otherwise, calling "Dispose" (C#) or "close" (Java) in a "finally" block is equally effective but more verbose and prone to mistakes.

+ "%'";

Statement statement = connection.createStatement();
ResultSet resultSet = statement.executeQuery(vulnerableQuery);

Auto-generated PR comment (Polaris)

Polaris SAST Issue - SQL Injection

High CWE-89
Untrusted user-supplied data is inserted into a SQL statement without adequate validation, escaping, or filtering.

A user can change the intent of the SQL query, which may inappropriately disclose or corrupt data within the database.

How to fix

Rewrite all SQL queries constructed through dynamic concatenation to use an injection-safe query mechanism such as prepared statements with parameterized queries.

Most modern programming languages provide a feature called "parameterized queries" that allows user-supplied data to be inserted safely as values in dynamic SQL queries. Rather than constructing the dynamic SQL query by concatenating user-supplied data onto static SQL query string fragments, data values are identified in the query by parameter markers or variables. Dynamic data is then passed through a mechanism provided by SQL that prevents the supplied data from changing the meaning of the query.

Note: the exact syntax and use of prepared statements with parameterized queries vary from language to language.
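The two Polaris findings above (CWE-89 on the concatenated LIKE query, CWE-404 on the unclosed Statement/ResultSet) are both addressed by the same rewrite. The following is an added example, not WebGoat's own code or the code from this PR; it assumes a `users` table with a `name` column and a `DataSource` supplied by the caller, and the `searchTerm` name is taken from the snippet in the PR.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import javax.sql.DataSource;

// Hardened search endpoint logic (added example; assumed schema: users(name)).
public class UserSearch {
    private final DataSource dataSource;

    public UserSearch(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    // The injectable shape this replaces, as in the PR snippet:
    //   String vulnerableQuery = "... WHERE name LIKE '%" + searchTerm + "%'";
    //   Statement statement = connection.createStatement();
    //   ResultSet resultSet = statement.executeQuery(vulnerableQuery);
    // Here the SQL text is constant and the term is bound as a value (CWE-89),
    // and every JDBC resource is closed on every exit path, including
    // exceptions, via try-with-resources (CWE-404).
    public List<String> findUsers(String searchTerm) throws SQLException {
        String query = "SELECT name FROM users WHERE name LIKE ?";
        List<String> names = new ArrayList<>();
        try (Connection connection = dataSource.getConnection();
             PreparedStatement statement = connection.prepareStatement(query)) {
            // Wildcards go into the bound parameter, never into the SQL text.
            statement.setString(1, "%" + searchTerm + "%");
            try (ResultSet resultSet = statement.executeQuery()) {
                while (resultSet.next()) {
                    names.add(resultSet.getString("name"));
                }
            }
        }
        return names;
    }
}
```

Binding the value stops the term from changing the query's meaning, but `%` and `_` inside `searchTerm` still act as LIKE wildcards; escape them (and add an ESCAPE clause) if exact-substring matching is required.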
