From 526d15962dd0441656ebac1f997b5d42a26091e4 Mon Sep 17 00:00:00 2001
From: Thomas Vu
Date: Tue, 29 Oct 2024 00:11:37 +1030
Subject: [PATCH] Completed assigment submission

---
 .../search-result/search-result.component.ts | 1 +
 models/index.ts | 22 +++++++++----------
 routes/angular.ts | 1 +
 routes/login.ts | 13 ++++++++++-
 routes/search.ts | 8 ++++++-
 5 files changed, 32 insertions(+), 13 deletions(-)

diff --git a/frontend/src/app/search-result/search-result.component.ts b/frontend/src/app/search-result/search-result.component.ts
index af46f3fed16..7cc0da2c93a 100644
--- a/frontend/src/app/search-result/search-result.component.ts
+++ b/frontend/src/app/search-result/search-result.component.ts
@@ -142,6 +142,7 @@ export class SearchResultComponent implements OnDestroy, AfterViewInit {
 // vuln-code-snippet start localXssChallenge xssBonusChallenge
 filterTable () {
+ console.log('In filterTable()')
 let queryParam: string = this.route.snapshot.queryParams.q
 if (queryParam) {
 queryParam = queryParam.trim()
diff --git a/models/index.ts b/models/index.ts
index c9603d1556c..70318767a96 100644
--- a/models/index.ts
+++ b/models/index.ts
@@ -28,17 +28,17 @@ import { WalletModelInit } from './wallet'
 const Sequelize = require('sequelize')
-const sequelize = new Sequelize('database', 'username', 'password', {
- dialect: 'sqlite',
- retry: {
- match: [/SQLITE_BUSY/],
- name: 'query',
- max: 5
- },
- transactionType: 'IMMEDIATE',
- storage: 'data/juiceshop.sqlite',
- logging: false
-})
+ const sequelize = new Sequelize('database', 'username', 'password', {
+ dialect: 'sqlite',
+ retry: {
+ match: [/SQLITE_BUSY/],
+ name: 'query',
+ max: 5
+ },
+ transactionType: 'IMMEDIATE',
+ storage: 'data/juiceshop.sqlite',
+ logging: false
+ })
 AddressModelInit(sequelize)
 BasketModelInit(sequelize)
 BasketItemModelInit(sequelize)
diff --git a/routes/angular.ts b/routes/angular.ts
index 1d6c0e7d090..c63ceb6ec33 100644
--- a/routes/angular.ts
+++ b/routes/angular.ts
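Review bot: `console.log('In filterTable()')` on the added line of the search-result.component.ts hunk is a debug trace left in a method that runs on every search-result render, and the routes/angular.ts hunk adds a matching one, `console.log('URL SENT IN FIRST IF: ' + url)`, which prints the path of every non-API request to the server's stdout. Neither line is used by anything else in the change, so both should be removed before merge; if a trace is genuinely wanted, send it through whatever logger the project uses at debug level rather than `console.log`. filterTable's body and serveAngularClient's handler both continue outside their hunks.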
@@ -11,6 +11,7 @@ const utils = require('../lib/utils')
 module.exports = function serveAngularClient () {
 return ({ url }: Request, res: Response, next: NextFunction) => {
 if (!utils.startsWith(url, '/api') && !utils.startsWith(url, '/rest')) {
+ console.log('URL SENT IN FIRST IF: ' + url)
 res.sendFile(path.resolve('frontend/dist/frontend/index.html'))
 } else {
 next(new Error('Unexpected path: ' + url))
diff --git a/routes/login.ts b/routes/login.ts
index fac90717155..e890f2aa875 100644
--- a/routes/login.ts
+++ b/routes/login.ts
@@ -33,7 +33,18 @@ module.exports = function login () {
 return (req: Request, res: Response, next: NextFunction) => {
 verifyPreLoginChallenges(req) // vuln-code-snippet hide-line
- models.sequelize.query(`SELECT * FROM Users WHERE email = '${req.body.email || ''}' AND password = '${security.hash(req.body.password || '')}' AND deletedAt IS NULL`, { model: UserModel, plain: true }) // vuln-code-snippet vuln-line loginAdminChallenge loginBenderChallenge loginJimChallenge
+ models.sequelize.query(`SELECT * FROM Users WHERE email = '${req.body.email || ''}' AND password = '${security.hash(req.body.password || '')}' AND deletedAt IS NULL`, { model: UserModel, plain: true })
+ models.sequelize.query(
+ 'SELECT * FROM Users WHERE email = :email AND password = :password AND deletedAt IS NULL',
+ {
+ replacements: {
+ email: req.body.email || '',
+ password: security.hash(req.body.password || '')
+ },
+ model: UserModel,
+ plain: true
+ }
+ ) // vuln-code-snippet vuln-line loginAdminChallenge loginBenderChallenge loginJimChallenge
 .then((authenticatedUser: { data: User }) => { // vuln-code-snippet neutral-line loginAdminChallenge loginBenderChallenge loginJimChallenge
 const user = utils.queryResultToJson(authenticatedUser)
 if (user.data?.id && user.data.totpSecret !== '') {
diff --git a/routes/search.ts b/routes/search.ts
index 5e16e54fca0..163f4dc2c0d 100644
--- a/routes/search.ts
+++ b/routes/search.ts
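Review bot: The first added line of the routes/login.ts hunk still executes the string-interpolated query (`SELECT * FROM Users WHERE email = '${req.body.email || ''}' AND password = '${...}' ...`), so the SQL injection that the parameterized query below it is meant to replace is not removed — the injectable statement now runs on every login with its result discarded and its promise neither awaited nor caught, so a failure surfaces as an unhandled rejection. Delete that first `models.sequelize.query(...)` call (the one with no `.then` attached) and keep only the `:email`/`:password` replacements version that the existing `.then(...)` chain hangs off. The `// vuln-code-snippet vuln-line ...` marker has also moved onto the closing `)` of the parameterized call rather than the line that is still vulnerable; if it is meant to track the injectable statement it belongs on the line being deleted, or goes away with it. The login handler continues past the end of the hunk.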
@@ -6,6 +6,7 @@ import models = require('../models/index')
 import { Request, Response, NextFunction } from 'express'
 import { UserModel } from '../models/user'
+import { QueryTypes } from 'sequelize'
 const utils = require('../lib/utils')
 const challengeUtils = require('../lib/challengeUtils')
@@ -20,7 +21,12 @@ module.exports = function searchProducts () {
 return (req: Request, res: Response, next: NextFunction) => {
 let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
 criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
- models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`) // vuln-code-snippet vuln-line unionSqlInjectionChallenge dbSchemaChallenge
+ const query = 'SELECT * FROM Products WHERE ((name LIKE ? OR description LIKE ?) AND deletedAt IS NULL) ORDER BY name'
+ models.sequelize.query(query, {
+ replacements: [`%${criteria}%`, `%${criteria}%`],
+ type: QueryTypes.SELECT,
+ logging: (query: any) => console.log(`SQL Query: ${query}`)
+ })
 .then(([products]: any) => {
 const dataString = JSON.stringify(products)
 if (challengeUtils.notSolved(challenges.unionSqlInjectionChallenge)) { // vuln-code-snippet hide-start
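Review bot: `type: QueryTypes.SELECT` in the second hunk changes what `models.sequelize.query` resolves with — for a typed SELECT Sequelize returns the row array itself rather than the `[rows, metadata]` pair the untyped raw query returned — so the unchanged `.then(([products]: any) => {` on the context line now destructures the first row (or `undefined` when nothing matches) into `products`, and the `JSON.stringify(products)` below serializes one product instead of the list. Either drop `type: QueryTypes.SELECT` so the existing destructuring keeps working, or change the handler to `.then((products: any) => {`. The `logging: (query: any) => console.log(...)` option also shadows the `const query` declared three lines above and writes the SQL Sequelize runs, which after replacement substitution includes the user-supplied search term, to stdout on every request; drop it, or at least rename the parameter and use the project's logger. Passing the LIKE patterns through `replacements` is the right fix for the injection; the handler continues past the end of the hunk.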