add an error to kotlin-sample

tweag · Oct 18, 2024 · 41dab80 · 41dab80
1 parent 98b4c89
commit 41dab80
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 3 deletions.
diff --git a/.github/workflows/codeql-kotlin.yaml b/.github/workflows/codeql-kotlin.yaml
@@ -1,4 +1,4 @@
-name: "CodeQL Advanced"
+name: "CodeQL Advanced - Kotlin"
 
 on:
   pull_request:
@@ -40,7 +40,6 @@ jobs:
       shell: bash
       run: |
         cd kotlin-sample; gradle build -Dorg.gradle.jvmargs=-Xmx2g --info
-        exit 1
       
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v3

diff --git a/kotlin-sample/app/build.gradle.kts b/kotlin-sample/app/build.gradle.kts
@@ -29,6 +29,9 @@ dependencies {
 
     // This dependency is used by the application.
     implementation(libs.guava)
+
+    implementation("mysql:mysql-connector-java:8.0.33") // MySQL driver for JDBC
+    testImplementation(kotlin("test"))
 }
 
 // Apply a specific Java toolchain to ease working on different environments.

diff --git a/kotlin-sample/app/src/main/kotlin/org/example/App.kt b/kotlin-sample/app/src/main/kotlin/org/example/App.kt
@@ -3,13 +3,55 @@
  */
 package org.example
 
+import java.sql.Connection
+import java.sql.DriverManager
+import java.sql.ResultSet
+import java.sql.Statement
+
 class App {
     val greeting: String
         get() {
             return "Hello World!"
         }
 }
 
+fun getUserData(userId: String): ResultSet? {
+    var resultSet: ResultSet? = null
+    var connection: Connection? = null
+    var statement: Statement? = null
+
+    try {
+        // Create a connection to the database (replace with your DB credentials)
+        connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/mydatabase", "user", "password")
+
+        // Create a statement
+        statement = connection.createStatement()
+
+        // Vulnerable query (user input directly inserted into SQL query, leading to SQL injection)
+        val query = "SELECT * FROM users WHERE id = '$userId'"
+
+        // Execute the query
+        resultSet = statement.executeQuery(query)
+
+    } catch (e: Exception) {
+        e.printStackTrace()
+    } finally {
+        statement?.close()
+        connection?.close()
+    }
+
+    return resultSet
+}
+
 fun main() {
-    println(App().greeting)
+      // Example input that could be used for SQL injection
+    val userId = "1 OR 1=1"
+    val resultSet = getUserData(userId)
+
+    // Process the result set
+    resultSet?.let {
+        while (it.next()) {
+            println("User ID: ${it.getString("id")}, Name: ${it.getString("name")}")
+        }
+    }
 }