2 changes: 1 addition & 1 deletion .github/workflows/mapi.yml
Expand Up @@ -64,7 +64,7 @@ jobs:
flags: vulnerability-tests
fail_ci_if_error: true

- name: Archive Mayhem for API report
- name: Archive Mayhem for API report
uses: actions/upload-artifact@v3
with:
name: mapi-report
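Review bot: the removed and added `- name: Archive Mayhem for API report` lines render identically, so this hunk is presumably an indentation or trailing-whitespace fix; a one-line mention in the commit message would spare reviewers a `git diff -w`. While this step is being touched, consider pinning `uses: actions/upload-artifact@v3` to a full commit SHA rather than the mutable `v3` tag, since a moving tag is the usual supply-chain weak point in workflow files.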
17 changes: 17 additions & 0 deletions app.js
Expand Up @@ -22,6 +22,23 @@ db.run('CREATE TABLE users (email TEXT, password TEXT)', (err) => {
app.get('/', (req, res) => {
res.send('Hello, World!');
});

// Login endpoint (Unsafe)
app.get('/login', (req, res) => {
const { email, password } = req.query;

Check warning

Code scanning / CodeQL

Sensitive data read from GET request

[Route handler](1) for GET requests uses query parameter as sensitive data.

if (!email || !password) {
return res.status(400).send('Email and password are required');
}
const query = `SELECT * FROM users WHERE email = '${email}' and password = '${password}'`;

db.get(query, [], (err, row) => {

Check failure

Code scanning / CodeQL

Database query built from user-controlled sources

This query string depends on a [user-provided value](1). This query string depends on a [user-provided value](2).
if (err) {
return res.status(500).send(`{"error": "${err.stack}"}`);

Check warning

Code scanning / CodeQL

Exception text reinterpreted as HTML

[Exception text](1) is reinterpreted as HTML without escaping meta-characters. [Exception text](2) is reinterpreted as HTML without escaping meta-characters.
}
return res.send('Login successful');
});
});
Check failure

Code scanning / CodeQL

Missing rate limiting

This route handler performs [a database access](1), but is not rate-limited.

const server = app.listen(port, () => {
console.log(`Listening at http://localhost:${port}`);
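Review bot: the `/login` handler in this hunk answers `Login successful` whenever `db.get` does not error, without ever inspecting `row`, so a request whose email and password match no user is still reported as a successful login; the callback should branch on `row` being undefined and return a 401 on a miss. The four CodeQL findings on the same lines are all accurate and each has a small fix: `query` is built by template-string interpolation of `email` and `password` taken straight from `req.query`, and the parameterised form `db.get('SELECT * FROM users WHERE email = ? AND password = ?', [email, password], cb)` removes the injection; credentials travel in a GET query string, which access logs and browser history retain, so the route should be a `POST` reading `req.body`; the 500 path echoes `err.stack` unescaped into a hand-built string that is not even valid JSON once the stack contains quotes or newlines, so return a fixed message and log the stack server-side; and the route has no rate limiting in front of the database call. The table created in the hunk header, `users (email TEXT, password TEXT)`, also stores the password as cleartext, so the comparison should be against a stored hash. The `// Login endpoint (Unsafe)` comment makes clear this is a deliberate target for the Mayhem for API run; keep that label on the route and keep the branch out of anything deployed.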
34 changes: 33 additions & 1 deletion openapi.yaml
Expand Up @@ -21,4 +21,36 @@ paths:
type: string
example: Hello, World!


/login:
get:
summary: User login
description: "Allows user to log in (Note: this is an unsafe method and not recommended for production use)."
parameters:
- in: query
name: email
required: true
description: User's email
schema:
type: string
format: email
- in: query
name: password
required: true
description: User's password
schema:
type: string
responses:
'200':
description: Login successful
content:
text/html:
schema:
type: string
example: "<p>Login successful</p>"
'400':
description: Bad request, parameters missing or invalid
content:
text/html:
schema:
type: string
example: "<p>Bad request</p>"
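Review bot: the `responses` block for `/login` omits the `500` case the handler in app.js actually produces on a database error (a `{"error": ...}` body), so generated clients and the Mayhem for API run will treat that outcome as an undocumented response; add a `'500':` entry with a generic description. The `200` and `400` examples also do not match the implementation, which sends the bare strings `Login successful` and `Email and password are required` rather than `<p>...</p>` markup, and the `format: email` constraint on `email` is not enforced by the handler. Documenting `password` as a required query parameter fixes the credential-in-URL design into the contract, which CodeQL already flags in app.js; if the endpoint moves to `POST`, this block needs to move under `post:` with a `requestBody` in place of the query parameters.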