
flow test

flow test #39

GitHub Actions / Veracode Fix suggestions succeeded Sep 24, 2024 in 3s

Veracode Fix suggestions

Will create Veracode Fix suggestions as PR annotation

Annotations

Check warning on line 28 in application/views/userController.py


@github-actions github-actions / Veracode Fix suggestions

Security findings

 
 from application.models import User, Blabber
 from application.forms import RegisterForm
+from html import escape
 
 
 # Get logger

Check warning on line 115 in application/views/userController.py


@github-actions github-actions / Veracode Fix suggestions

Security findings

                 parsed = sqlparse.parse(sqlQuery)[0]
                 logger.info("Attempted login with username and password: " + parsed[8].value)
 
-                cursor.execute(sqlQuery)
+                cursor.execute("%s", (username,))
                 # END VULN CODE
                 # GOOD CODE
                 # sqlQuery = "select username, password, password_hint, created_at, last_login, \
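Review bot: The suggested `cursor.execute("%s", (username,))` discards `sqlQuery` entirely and executes a statement whose whole text is the quoted username, so the login query no longer runs at all (it fails with a syntax error or, at best, matches nothing). The placeholder belongs in the query where the username is concatenated, which happens before this hunk, e.g. `... WHERE username = %s` followed by `cursor.execute(sqlQuery, (username,))`. Separately, the context line `logger.info("Attempted login with username and password: " + parsed[8].value)` writes a fragment of the submitted credentials to the log on every attempt; credentials should not be logged, and with a parameterized query the `sqlparse` step is no longer needed to pick them out. The enclosing function starts and ends outside the hunk.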

Check warning on line 143 in application/views/userController.py


@github-actions github-actions / Veracode Fix suggestions

Security findings

                                     blab_name=row["blab_name"])
                         response = updateInResponse(currentUser, response)
 
-                    update = "UPDATE users SET last_login=datetime('now') WHERE username='" + row['username'] + "';"
-                    cursor.execute(update)
+                    update = "UPDATE users SET last_login=datetime('now') WHERE username=%s;"
+                    cursor.execute(update, (username, ))
 
                     # if the username ends with "totp", add the TOTP login step
                     if username[-4:].lower() == "totp":
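Review bot: The rewritten `cursor.execute(update, (username, ))` binds `username` where the removed line interpolated `row['username']`, so the UPDATE now targets whatever the client submitted rather than the stored username the lookup just returned; if the two differ (for example in case or whitespace under a lenient comparison) the last_login update hits the wrong row or none. Keep the original value: `cursor.execute(update, (row['username'],))`. The enclosing function and the definition of `row` lie outside the hunk.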

Check warning on line 190 in application/views/userController.py


@github-actions github-actions / Veracode Fix suggestions

Security findings

     try:
         logger.info("Creating the Database connection")
         with connection.cursor() as cursor:
-            sql = "SELECT password_hint FROM users WHERE username = '" + username + "'"
+            sql = "SELECT password_hint FROM users WHERE username = %s"
             logger.info(sql)
-            cursor.execute(sql)
+            cursor.execute(sql, (username,))
             row = cursor.fetchone()
             
             if (row):

Check warning on line 203 in application/views/userController.py


@github-actions github-actions / Veracode Fix suggestions

Security findings

                 formatString = "Username '" + username + "' has password: {}"
                 hint = formatString.format(password[:2] + ("*" * (len(password) - 2)))
                 logger.info(hint)
-                return HttpResponse(hint)
+                return HttpResponse(escape(hint))
             else:
-                return HttpResponse("No password found for " + username)
+                return HttpResponse(escape("No password found for " + username))
     except DatabaseError as db_err:
             logger.error("Database error", db_err)
             return HttpResponse("ERROR!") 
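Review bot: `escape(hint)` is the right guard for a text/html `HttpResponse`, but the context line `logger.info(hint)` still writes the username and the partially masked password to the log on every request, which the commit leaves in place; that line should be dropped or reduced to the username only. On the except path, `logger.error("Database error", db_err)` passes the exception as a %-argument while the message has no placeholder, so the logging module reports a formatting error instead of the intended record; use `logger.exception("Database error")` to get the message plus traceback. The enclosing function starts outside the hunk.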

Check warning on line 231 in application/views/userController.py


@github-actions github-actions / Veracode Fix suggestions

Security findings

         #Create db connection
         with connection.cursor() as cursor:
 
-            sql = "SELECT totp_secret FROM users WHERE username = '" + username + "'"
+            sql = "SELECT totp_secret FROM users WHERE username = %s"
             logger.info(sql)
-            cursor.execute(sql)
+            cursor.execute(sql, (username,))
 
             result = cursor.fetchone()
         if result:

Check warning on line 265 in application/views/userController.py


@github-actions github-actions / Veracode Fix suggestions

Security findings

         
         with connection.cursor() as cursor:
         
-            sql = "SELECT totp_secret FROM users WHERE username = '" + username + "'"
+            sql = "SELECT totp_secret FROM users WHERE username = %s"
             logger.info(sql)
-            cursor.execute(sql)
+            cursor.execute(sql, (username,))
 
             result = cursor.fetchone()
             if result:

Check warning on line 346 in application/views/userController.py


@github-actions github-actions / Veracode Fix suggestions

Security findings

     logger.info("Creating the Database connection")
     try:
         with connection.cursor() as cursor:
-            sqlQuery = "SELECT username FROM users WHERE username = '" + username + "'"
-            cursor.execute(sqlQuery)
+            sqlQuery = "SELECT username FROM users WHERE username = %s"
+            cursor.execute(sqlQuery, (username,))
             row = cursor.fetchone()
             if (row):
                 request.error = "Username '" + username + "' already exists!"

Check warning on line 424 in application/views/userController.py


@github-actions github-actions / Veracode Fix suggestions

Security findings

                 query += ("'" + blabName + "'")
                 query += (");")
                 #execute query
-                cursor.execute(query)
+                cursor.execute("%s", (password,))
                 sqlStatement = cursor.fetchone() #<- variable for response
                 logger.info(query)
                 # END EXAMPLE VULNERABILITY
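Review bot: `cursor.execute("%s", (password,))` replaces the assembled INSERT with a statement consisting solely of the bound password, so the row is never written and the call fails; binding `password` is also unrelated to what the removed `cursor.execute(query)` ran. The string-built `query` (assembled above this hunk, where `blabName` is concatenated in) needs one `%s` per value and a matching tuple in `cursor.execute(query, (...))`, after which the `logger.info(query)` on the following line logs only the template instead of the raw values. The enclosing function starts and ends outside the hunk.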

Check warning on line 498 in application/views/userController.py


@github-actions github-actions / Veracode Fix suggestions

Security findings

         with connection.cursor() as cursor:    
             # Find the Blabbers that this user listens to
             logger.info(sqlMyHecklers)
-            cursor.execute(sqlMyHecklers % username)
+            cursor.execute(sqlMyHecklers, (username,))
             myHecklersResults = cursor.fetchall()
             hecklers=[]
             for i in myHecklersResults:
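Review bot: `cursor.execute(sqlMyHecklers, (username,))` is only equivalent to the removed `sqlMyHecklers % username` if the template, defined before this hunk, contains a bare `%s`; if it is written as `'%s'` inside quotes, the driver quotes the parameter a second time and the query stops matching or errors. Check the definition and make the placeholder unquoted, i.e. `= %s` rather than `= '%s'`. The enclosing function starts outside the hunk.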

Check warning on line 517 in application/views/userController.py


@github-actions github-actions / Veracode Fix suggestions

Security findings

             events = []
 
             # START EXAMPLE VULNERABILITY 
-            sqlMyEvents = "select event from users_history where blabber=\"" + username + "\" ORDER BY eventid DESC; "
-            logger.info(sqlMyEvents)
-            cursor.execute(sqlMyEvents)
+            sqlMyEvents = "select event from users_history where blabber=%s ORDER BY eventid DESC; "
+            logger.info(sqlMyEvents, (username,))
+            cursor.execute(sqlMyEvents, (username,))
             userHistoryResult = cursor.fetchall()
             # END EXAMPLE VULNERABILITY 
 
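Review bot: `logger.info(sqlMyEvents, (username,))` on the added line treats the SQL template as a logging format string, so its `%s` is interpolated with the tuple and the record reads `blabber=('<username>',)`, putting the raw username back into the log that the parameterized query had just kept it out of. Log the template on its own, `logger.info("%s", sqlMyEvents)`, and keep the tuple for `cursor.execute` only. The enclosing function starts outside the hunk.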

Check warning on line 527 in application/views/userController.py


@github-actions github-actions / Veracode Fix suggestions

Security findings

                 events.append(result[0])
 
             # Get the users information
-            sql = "SELECT username, real_name, blab_name, totp_secret FROM users WHERE username = '" + username + "'"
+            sql = "SELECT username, real_name, blab_name, totp_secret FROM users WHERE username = %s"
             logger.info(sql)
-            cursor.execute(sql)
+            cursor.execute(sql, (username, ))
             myInfoResults = cursor.fetchone()
             if not myInfoResults:
                 return JsonResponse({'message':'Error, no Inforesults found'})

Check warning on line 564 in application/views/userController.py


@github-actions github-actions / Veracode Fix suggestions

Security findings

     # Initial response only get returns if everything else succeeds.
     # This must be here in order to use set_cookie later in the program
     msg = f"<script>alert('Successfully changed values!\\nusername: {username.lower()}\\nReal Name: {realName}\\nBlab Name: {blabName}');</script>"
-    response = JsonResponse({'values':{"username": username.lower(), "realName": realName, "blabName": blabName}, 'message':msg},status=200)
+    response = JsonResponse({'values':escape({"username": username.lower(), "realName": realName, "blabName": blabName}),'message':msg}, status=200)
     
     logger.info("entering processProfile")
     sessionUsername = request.session.get('username')
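Review bot: `escape({...})` on the added line passes a dict to `html.escape`, which only accepts a string, so this raises at request time and the profile update endpoint breaks. The dict is JSON-encoded by `JsonResponse` anyway, so HTML-escaping it is not where the exposure is; the user-controlled values are interpolated unescaped into the `<script>` built in `msg` on the line above, which the suggestion leaves untouched. If escaping is wanted, apply it per value, `escape(username.lower())`, `escape(realName)`, `escape(blabName)`, and do not assemble executable script from request data in the first place. The function continues beyond the hunk.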