
expression changed to empty string from empty list, skipping empty patch #29


GitHub Actions / Veracode Fix suggestions succeeded Sep 19, 2024 in 5s

Veracode Fix suggestions

Will create Veracode Fix suggestions as PR annotation

Annotations

Check warning on line 54 in app/views/blabController.py

@github-actions github-actions / Veracode Fix suggestions

Security findings

 
                 logger.info("Executing query to get all 'Blabs for me'")
                 blabsForMe = sqlBlabsForMe.format(10, 0)
-                cursor.execute(blabsForMe % (username,))
+                cursor.execute(blabsForMe, (username, ))
                 blabsForMeResults = cursor.fetchall()
 
                 feedBlabs = []
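Review bot: The parameterized call on the `+` line is only correct if the `%s` for `username` survived the earlier `sqlBlabsForMe.format(10, 0)` (which consumed the `{}` limit/offset placeholders) and is written unquoted in the template; a quoted `'%s'` would wrap the bound value in literal quotes and the query would silently match nothing. Check the definition of `sqlBlabsForMe` before merging; Django's `connection.cursor()` expects `%s` placeholders on every backend, so the placeholder style itself is right.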

Check warning on line 78 in app/views/blabController.py

@github-actions github-actions / Veracode Fix suggestions

Security findings

                 # Find the Blabs by this user
 
                 logger.info("Executing query to get all of user's Blabs")
-                cursor.execute(sqlBlabsByMe % (username,))
+                cursor.execute("SELECT * FROM blabsByMe %s;", (username, ))
                 blabsByMeResults = cursor.fetchall()
 
                 myBlabs = []
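Review bot: The replacement query on the `+` line is broken: it selects from a table named `blabsByMe`, which is the name of the SQL variable, not a table, and places the bound `username` where a `WHERE` clause belongs. A bound parameter can only stand in for a value, never for SQL syntax. Keep the original statement and bind the value instead: `cursor.execute(sqlBlabsByMe, (username,))`, after confirming that `sqlBlabsByMe` uses an unquoted `%s`.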

Check warning on line 123 in app/views/blabController.py

@github-actions github-actions / Veracode Fix suggestions

Security findings

                 addBlabSql = "INSERT INTO blabs (blabber, content, timestamp) values ('%s', '%s', datetime('now'));"
 
                 logger.info("Executing query to add new blab")
-                cursor.execute(addBlabSql % (username, blab))
+                cursor.execute("INSERT INTO blabs (blabber, content, timestamp) values (?,?, datetime('now'))", [username, blab])
 
                 if not cursor.rowcount:
                     request.error = "Failed to add blab"
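Review bot: The `addBlabSql` template with its quoted `'%s'` placeholders is left in place and is now dead code, while the `+` line inlines a second copy of the statement using `?` placeholders. The `?` style only works because the SQLite driver accepts it; Django's cursor wrapper expects `%s` and rewrites it per backend. Fix the template in one place instead: `addBlabSql = "INSERT INTO blabs (blabber, content, timestamp) values (%s, %s, datetime('now'));"` and `cursor.execute(addBlabSql, (username, blab))`.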

Check warning on line 176 in app/views/blabController.py

@github-actions github-actions / Veracode Fix suggestions

Security findings

     except Exception as e:
         logger.error("Unexpected error", e)
 
-    return HttpResponse(ret)
+    return escape(HttpResponse(ret))
     
 # Brings up the page to view a blab, or to write a blab
 def blab(request):
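Review bot: `escape(HttpResponse(ret))` on the `+` line raises at runtime: `html.escape` operates on a `str` and will fail on an `HttpResponse` object. The escaping has to be applied to the body before it is wrapped, i.e. `HttpResponse(escape(ret))`, and only if `ret` is meant to be rendered as text; if `ret` is server-built HTML, escaping the whole body will render the markup literally and the right fix is to escape the user-controlled fragments where they are inserted.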

Check warning on line 204 in app/views/blabController.py

@github-actions github-actions / Veracode Fix suggestions

Security findings

             with connection.cursor() as cursor:
 
                 logger.info("Executing query to see Blab details")
-                cursor.execute(blabDetailsSql % (blabid,))
+                cursor.execute(blabDetailsSql, (blabid, ))
                 blabDetailsResults = cursor.fetchone()
 
                 if (blabDetailsResults):
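Review bot: This is the correct shape for the fix, provided `blabDetailsSql` carries a bare `%s` for `blabid`. If the template quotes the placeholder (the `'%s'` pattern used elsewhere in this file), the bound id is wrapped in literal quotes and `fetchone()` returns `None`, which the `if` below would treat as a missing blab rather than an error; worth verifying against the template definition.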

Check warning on line 214 in app/views/blabController.py

@github-actions github-actions / Veracode Fix suggestions

Security findings

 
                     # Get comments
                     logger.info("Executing query to get all comments")
-                    cursor.execute(blabCommentsSql % (blabid,))
+                    cursor.execute("%s %s" % (blabCommentsSql, (blabCommentsSql, )))
                     blabCommentsResults = cursor.fetchall()
 
                     comments = []
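Review bot: The `+` line is not a fix: it still builds the statement with `%` string formatting, appends the repr of a tuple containing the SQL text to the SQL text itself, and drops `blabid` entirely, so the query will not even parse. The intended change is `cursor.execute(blabCommentsSql, (blabid,))`, with the same unquoted-`%s` check on the template as for the blab-details query above.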

Check warning on line 303 in app/views/blabController.py

@github-actions github-actions / Veracode Fix suggestions

Security findings

 
                 logger.info(blabbersSql)
                 logger.info("Executing query to see Blab details")
-                cursor.execute(blabbersSql % (username, username))
+                cursor.execute("SELECT * FROM users WHERE username = %s;", (username, ))
                 blabbersResults = cursor.fetchall()
 
                 blabbers = []
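Review bot: The replacement changes what the view returns. The original `blabbersSql` took `username` twice, which points to a join or subquery that lists other blabbers relative to the current user; the `+` line replaces it with a lookup of the user's own row, so the `blabbers` list built below will contain only the caller. Keep the original statement and bind both values: `cursor.execute(blabbersSql, (username, username))`.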

Check warning on line 163 in app/templates/app/feed.html

@github-actions github-actions / Veracode Fix suggestions

Security findings

 				len : 10
 			}, function(data) {
 				if (data) {
-					$("#feed ul").append(data);
+$("#feed ul").append(DOMPurify.sanitize(data));
 				} else {
 					$(obj).remove();
 				}
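Review bot: `DOMPurify` must be loaded on the page before this callback runs; if the library is not included in the template, the `+` line throws a `ReferenceError` and the feed stops loading. The `+` line has also lost its indentation relative to the surrounding block. Client-side sanitization is reasonable as defense in depth here, but the feed endpoint should escape blab content server-side so the page is safe even when this script is bypassed.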

Check warning on line 227 in app/templates/app/profile.html

@github-actions github-actions / Veracode Fix suggestions

Security findings

 								$('input[name="' + key + '"]').val(val);
 								if (key === "username") {
 									
-									$('#profileImage').attr('src', image_path + val + '.png');
+$('#profileImage').attr('src', DOMPurify.sanitize(image_path + val + '.png'));
 								}
 							});
 						}
 						if ('message' in data) {
-							$('body').append(data.message);
+$('body').append(DOMPurify.sanitize(data.message));
 						}
 					}
 				},
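Review bot: Two problems with the `+` lines. First, `DOMPurify.sanitize` is an HTML sanitizer, not a URL validator: wrapping `image_path + val + '.png'` before setting a `src` attribute does not constrain the path (and may entity-encode characters such as `&`); validate `val` against the allowed username pattern instead. Second, sanitizing `data.message` will strip the `<script>` block that the profile endpoint sends as its success message (see the `msg` in the userController hunk further down), so the confirmation silently disappears; send a plain-text message and insert it with `.text()`. Both `+` lines have also lost their indentation.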

Check warning on line 66 in app/views/resetController.py

@github-actions github-actions / Veracode Fix suggestions

Security findings

     elif(request.method == "POST"):
         return processReset(request)
     else:
-        h = httplib2.Http(".cache", disable_ssl_certificate_validation=True) #CWE-295
+        h = httplib2.Http(".cache", disable_ssl_certificate_validation=False) #CWE-295
         h.add_credentials('thiswaskevinsidea','hardcode') #CWE-798
         data=h.request("http://localhost/",method='GET')
         return data
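Review bot: `disable_ssl_certificate_validation=False` is already httplib2's default, and the request two lines below goes to `http://localhost/` over plain HTTP, so no certificate is validated either way; the argument can simply be removed. The CWE-798 hard-coded credentials on the `add_credentials` line are untouched by this suggestion and are the more serious finding: move them to Django settings or the environment and use an `https://` URL if the call is meant to be authenticated.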

Check warning on line 115 in app/views/resetController.py

@github-actions github-actions / Veracode Fix suggestions

Security findings

                 listenersStatement = "INSERT INTO listeners (blabber, listener, status) values ('%s', '%s', 'Active');"
                 for blabber in users[2:]:
                     for listener in users[2:]:
-                        if rand.choice([False, True]) and (blabber != listener):
+                        rand = random.SystemRandom()
+                        if  rand.choice([False, True]) and (blabber!= listener):
                             
 
                             logger.info("Adding " + listener.username + " as a listener of " + blabber.username)
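Review bot: Constructing `random.SystemRandom()` inside the inner loop rebinds `rand` on every iteration; hoist it above the two `for` loops (and confirm `random` is imported in this module, since the original code only referenced `rand`). This is demo-data seeding, so predictability of the generator is cosmetic; the substantive issue in this block is the `listenersStatement` template with quoted `'%s'` placeholders, which indicates string formatting at the point where it is executed.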

Check warning on line 133 in app/views/resetController.py

@github-actions github-actions / Veracode Fix suggestions

Security findings

                 blabsStatement = "INSERT INTO blabs (blabber, content, timestamp) values (%s, %s, datetime('now'));"
                 for blabContent in blabsContent:
                     # Get the array offset for a random user
-                    randomUserOffset = rand.randint(2,len(users) - 1)
+                    rand = random.SystemRandom()
+                    randomUserOffset = rand.randint(2, len(users) - 1)
 
                     # get the number or seconds until some time in the last 30 days.
                     #vary = rand.randint(0,(30 * 24 * 3600)+1)
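Review bot: Same pattern as the listeners hunk: `rand = random.SystemRandom()` is created once per loop iteration. Create it once before `for blabContent in blabsContent:` so every use in the function shares one generator. The `blabsStatement` template above uses unquoted `%s`, which is the correct form for parameter binding; make sure its `execute` call passes a parameter tuple rather than formatting the string.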

Check warning on line 166 in app/views/resetController.py

@github-actions github-actions / Veracode Fix suggestions

Security findings

                 for i in range(len(blabsContent)):
                     # Add a random number of comment
                     count = rand.randint(0,5) # between 0 and 6
+                    rand = random.SystemRandom()
 
                     for j in range(count) :
                         # Get the array offset for a random user
-                        randomUserOffset = rand.randint(2,len(users)-1) #removed +1 cause no admin,  removed -2 because no admin and inclusive.
+                        randomUserOffset = rand.SystemRandom().randint(2, len(users)-1) # removed +1 cause no admin,  removed -2 because no admin and inclusive.
                         username = users[randomUserOffset].username
 
                         # Pick a random comment to add
-                        commentNum = rand.randint(0,len(commentsContent)-1)
+                        rand = random.SystemRandom()
+                        commentNum = rand.randint(0, len(commentsContent)-1)
                         comment = commentsContent[commentNum]
 
                         # get the number or seconds until some time in the last 30 days.
-                        vary = rand.randint(0,(30 * 24 * 3600)+1)
+                        vary = rand.SystemRandom().randint(0, (30 * 24 * 3600)+1)
 
                         logger.info("Adding a comment from " + username + " on blab ID " + str(i))
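Review bot: This hunk will raise at runtime. After the `+ rand = random.SystemRandom()` line rebinds `rand` to a `SystemRandom` instance, the `rand.SystemRandom().randint(...)` calls on the `randomUserOffset` and `vary` lines fail with `AttributeError`, since the instance has no `SystemRandom` attribute. The rebind is also placed after `count = rand.randint(0,5)`, so `count` still comes from the old generator, and `rand` is then rebound again inside the `for j` loop. Create `rand = random.SystemRandom()` once at the top of the function and use plain `rand.randint(...)` everywhere.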
 

Check warning on line 28 in app/views/userController.py

@github-actions github-actions / Veracode Fix suggestions

Security findings

 
 from app.models import User, Blabber
 from app.forms import RegisterForm
+from html import escape
 
 
 # Get logger
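Review bot: The import is fine as far as it goes, but `django.utils.html.escape` is the idiomatic choice in a Django view: it returns a `SafeString`, so values passed on to templates are not escaped a second time. Also check that nothing else in this module already binds the name `escape`.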

Check warning on line 143 in app/views/userController.py

@github-actions github-actions / Veracode Fix suggestions

Security findings

                                     blab_name=row["blab_name"])
                         response = updateInResponse(currentUser, response)
 
-                    update = "UPDATE users SET last_login=datetime('now') WHERE username='" + row['username'] + "';"
-                    cursor.execute(update)
+                    update = "UPDATE users SET last_login=datetime(%s) WHERE username='" + row['username'] + "';"
+                    cursor.execute(update, (row["last_login"],))
 
                     # if the username ends with "totp", add the TOTP login step
                     if username[-4:].lower() == "totp":

Check warning on line 190 in app/views/userController.py

@github-actions github-actions / Veracode Fix suggestions

Security findings

     try:
         logger.info("Creating the Database connection")
         with connection.cursor() as cursor:
-            sql = "SELECT password_hint FROM users WHERE username = '" + username + "'"
+            sql = "SELECT password_hint FROM users WHERE username = %s"
             logger.info(sql)
-            cursor.execute(sql)
+            cursor.execute(sql, (username,))
             row = cursor.fetchone()
             
             if (row):
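Review bot: Correct fix: the statement now uses a bare `%s` and binds `username`. A side benefit worth keeping is that `logger.info(sql)` now records only the template rather than the interpolated username, so usernames no longer land in the log.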

Check warning on line 203 in app/views/userController.py

@github-actions github-actions / Veracode Fix suggestions

Security findings

                 formatString = "Username '" + username + "' has password: {}"
                 hint = formatString.format(password[:2] + ("*" * (len(password) - 2)))
                 logger.info(hint)
-                return HttpResponse(hint)
+                return HttpResponse(escape(hint))
             else:
-                return HttpResponse("No password found for " + username)
+                return HttpResponse(escape("No password found for " + username))
     except DatabaseError as db_err:
             logger.error("Database error", db_err)
             return HttpResponse("ERROR!") 

Check warning on line 231 in app/views/userController.py

@github-actions github-actions / Veracode Fix suggestions

Security findings

         #Create db connection
         with connection.cursor() as cursor:
 
-            sql = "SELECT totp_secret FROM users WHERE username = '" + username + "'"
+            sql = "SELECT totp_secret FROM users WHERE username = %s"
             logger.info(sql)
-            cursor.execute(sql)
+            cursor.execute(sql, (username,))
 
             result = cursor.fetchone()
         if result:

Check warning on line 265 in app/views/userController.py

@github-actions github-actions / Veracode Fix suggestions

Security findings

         
         with connection.cursor() as cursor:
         
-            sql = "SELECT totp_secret FROM users WHERE username = '" + username + "'"
+            sql = "SELECT totp_secret FROM users WHERE username = %s"
             logger.info(sql)
-            cursor.execute(sql)
+            cursor.execute(sql, (username,))
 
             result = cursor.fetchone()
             if result:

Check warning on line 346 in app/views/userController.py

@github-actions github-actions / Veracode Fix suggestions

Security findings

     logger.info("Creating the Database connection")
     try:
         with connection.cursor() as cursor:
-            sqlQuery = "SELECT username FROM users WHERE username = '" + username + "'"
-            cursor.execute(sqlQuery)
+            sqlQuery = "SELECT username FROM users WHERE username = %s"
+            cursor.execute(sqlQuery, (username,))
             row = cursor.fetchone()
             if (row):
                 request.error = "Username '" + username + "' already exists!"

Check warning on line 424 in app/views/userController.py

@github-actions github-actions / Veracode Fix suggestions

Security findings

                 query += ("'" + blabName + "'")
                 query += (");")
                 #execute query
-                cursor.execute(query)
+                cursor.execute('%s', (password, ))
                 sqlStatement = cursor.fetchone() #<- variable for response
                 logger.info(query)
                 # END EXAMPLE VULNERABILITY
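Review bot: The `+` line discards the statement entirely: `cursor.execute('%s', (password, ))` sends the password value as the whole query, which is not valid SQL, and the `query` string built above is never executed (the `fetchone()` on an INSERT that follows would also not return a row). The statement needs to be rebuilt with one `%s` per column and all values, including `blabName`, passed in the parameter tuple.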

Check warning on line 517 in app/views/userController.py

@github-actions github-actions / Veracode Fix suggestions

Security findings

             events = []
 
             # START EXAMPLE VULNERABILITY 
-            sqlMyEvents = "select event from users_history where blabber=\"" + username + "\" ORDER BY eventid DESC; "
+            sqlMyEvents = "select event from users_history where blabber=%s ORDER BY eventid DESC; "
             logger.info(sqlMyEvents)
-            cursor.execute(sqlMyEvents)
+            cursor.execute(sqlMyEvents, (username,))
             userHistoryResult = cursor.fetchall()
             # END EXAMPLE VULNERABILITY 
 

Check warning on line 527 in app/views/userController.py

See this annotation in the file changed.

@github-actions github-actions / Veracode Fix suggestions

Securityy findings

                 events.append(result[0])
 
             # Get the users information
-            sql = "SELECT username, real_name, blab_name, totp_secret FROM users WHERE username = '" + username + "'"
+            sql = "SELECT username, real_name, blab_name, totp_secret FROM users WHERE username = %s"
             logger.info(sql)
-            cursor.execute(sql)
+            cursor.execute(sql, (username,))
             myInfoResults = cursor.fetchone()
             if not myInfoResults:
                 return JsonResponse({'message':'Error, no Inforesults found'})

Check warning on line 564 in app/views/userController.py

@github-actions github-actions / Veracode Fix suggestions

Security findings

     # Initial response only get returns if everything else succeeds.
     # This must be here in order to use set_cookie later in the program
     msg = f"<script>alert('Successfully changed values!\\nusername: {username.lower()}\\nReal Name: {realName}\\nBlab Name: {blabName}');</script>"
-    response = JsonResponse({'values':{"username": username.lower(), "realName": realName, "blabName": blabName}, 'message':msg},status=200)
+    response = escape(JsonResponse({'values':{"username": username.lower(), "realName": realName, "blabName": blabName},'message':msg}, status=200))
     
     logger.info("entering processProfile")
     sessionUsername = request.session.get('username')
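Review bot: `escape(JsonResponse(...))` on the `+` line raises at runtime, since `html.escape` expects a string, and even if it did not, escaping a JSON body would corrupt it. The actual problem is the `msg` value two lines up, which embeds user-supplied `username`, `realName` and `blabName` inside an inline `<script>`. Send a plain-text message in the JSON instead and let the profile page insert it with `.text()`; that also restores the success message that the DOMPurify change in profile.html would otherwise strip.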