@heyandyj heyandyj commented Jan 28, 2025

Qwiet AI AutoFix

This PR was created automatically by the Qwiet AI AutoFix tool.
As long as it is open, subsequent scans and generated fixes to this same branch will be added to it as new commits.

Each commit fixes one vulnerability.

Some manual intervention might be required before merging this PR.

Project Information

Findings/Vulnerabilities Fixed

Finding 8: SQL Injection: Attacker-controlled Data Used in SQL Query in users.py

Commits/Files Changed
Details
Vulnerability Description

Attacker controlled data is used in a SQL query without undergoing escaping or validation. This indicates a SQL injection vulnerability.

  • Severity: critical

  • CVSS Score: 9 (critical)

  • CWE: CWE-89: SQL Injection

Attack Payloads
[
1.('O\'Connor', 'weakpassword', 1)
2.('O\'Connor', 'weakpassword; DELETE FROM user; --', 1)
3.('O\'Connor', 'weakpassword; DROP TABLE user; --', 1)
4.('O\'Connor', 'weakpassword; UPDATE user SET access_level = 0 WHERE access_level = 1; --', 1)
5.('O\'Connor', 'weakpassword; SELECT * FROM user WHERE access_level = 0; --', 1)
]
Testcases
import sqlite3
from unittest.mock import MagicMock, patch

# Assumed import: the patch target 'flask_webgoat.query_db' implies the Flask
# app and query_db helper live in the flask_webgoat package.
from flask_webgoat import app


def test_create_user_positive():
    # Arrange: run the app in testing mode and replace the DB helper with a mock
    app.config['TESTING'] = True
    client = app.test_client()
    mock_query_db = MagicMock()
    with patch('flask_webgoat.query_db', mock_query_db):
        # Act
        response = client.post('/create_user', data=dict(
            username='JohnDoe',
            password='securepassword',
            access_level='1'
        ))
        # Assert: request succeeds and the helper received the expected query
        assert response.status_code == 200
        mock_query_db.assert_called_once_with(
            "INSERT INTO user (username, password, access_level) VALUES ('JohnDoe', 'securepassword', 1)",
            [], False, True
        )


def test_create_user_negative():
    # Arrange: make the DB helper raise so the error path is exercised
    app.config['TESTING'] = True
    client = app.test_client()
    mock_query_db = MagicMock()
    mock_query_db.side_effect = sqlite3.Error('database error')
    with patch('flask_webgoat.query_db', mock_query_db):
        # Act
        response = client.post('/create_user', data=dict(
            username='JohnDoe',
            password='weak',
            access_level='1'
        ))
        # Assert: the error is reported in the JSON body
        assert response.status_code == 200
        assert 'could not create user:database error' in response.get_json()['error']
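The finding above describes attacker-controlled values interpolated into an INSERT statement. The following is an added example, not code from the flask_webgoat project or from the AutoFix tool: it puts a hypothetical string-formatted `create_user_vulnerable` beside a parameterized `create_user_safe` and runs both against an in-memory SQLite table whose schema (column names assumed from the test cases) is constructed here. It uses the first and third payloads listed in the PR to show that the interpolated query breaks on a plain apostrophe, while the parameterized query stores every input verbatim and never parses a second statement.

```python
import sqlite3

# Constructed schema mirroring the `user` table referenced in the PR's test
# cases; the real flask_webgoat schema is not shown on the page.
SCHEMA = """
CREATE TABLE user (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT NOT NULL,
    password TEXT NOT NULL,
    access_level INTEGER NOT NULL
);
"""


def new_db() -> sqlite3.Connection:
    """Fresh in-memory database so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def create_user_vulnerable(conn, username, password, access_level):
    """Hypothetical 'before' shape: request values spliced into the SQL text.
    This is the CWE-89 pattern the finding describes; do not use."""
    query = (
        "INSERT INTO user (username, password, access_level) "
        f"VALUES ('{username}', '{password}', {access_level})"
    )
    conn.execute(query)
    conn.commit()
    return query


def create_user_safe(conn, username, password, access_level):
    """Hardened form: placeholders in the SQL, values handed to the driver
    separately, so input is always treated as data."""
    query = "INSERT INTO user (username, password, access_level) VALUES (?, ?, ?)"
    conn.execute(query, (username, password, int(access_level)))
    conn.commit()
    return query


def stored_password(conn, username):
    """Read back what actually landed in the table."""
    row = conn.execute(
        "SELECT password FROM user WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None


def demo():
    """Run both paths against the page's payloads and collect the outcomes."""
    results = {}

    # 1. Payload 1 from the page: a legitimate name containing an apostrophe.
    #    The interpolated query is malformed and SQLite rejects it outright.
    conn = new_db()
    try:
        create_user_vulnerable(conn, "O'Connor", "weakpassword", 1)
        results["vulnerable_quote"] = "inserted"
    except sqlite3.OperationalError as exc:
        results["vulnerable_quote"] = f"error: {exc}"
    conn.close()

    # 2. Same input through the parameterized path: stored verbatim.
    conn = new_db()
    create_user_safe(conn, "O'Connor", "weakpassword", 1)
    results["safe_quote"] = stored_password(conn, "O'Connor")

    # 3. Payload 3 from the page through the safe path: the statement text is
    #    just the password value, and the table is untouched.
    payload = "weakpassword; DROP TABLE user; --"
    create_user_safe(conn, "attacker", payload, 1)
    results["safe_payload"] = stored_password(conn, "attacker")
    results["table_intact"] = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE name = 'user'"
    ).fetchone()[0] == 1
    conn.close()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that `sqlite3`'s `execute()` refuses strings containing more than one statement, so the `; DROP TABLE` payloads would raise `ProgrammingError` against the vulnerable function rather than run; that is a driver quirk, not a mitigation, since quote-breaking and boolean-logic injection still work against interpolated SQL. The test in the PR asserts on a fully rendered query string, which is worth revisiting once the fix uses placeholders, because the expected call then becomes the placeholder query plus a separate parameter list.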

@heyandyj heyandyj self-assigned this Jan 28, 2025
@heyandyj heyandyj merged commit 63b26f7 into master Jan 28, 2025
2 checks passed