From cb1c876f70e9fecaee2371844c0fd18258800b92 Mon Sep 17 00:00:00 2001
From: Andy Johnson <123596925+heyandyj@users.noreply.github.com>
Date: Tue, 28 Jan 2025 11:22:03 -0800
Subject: [PATCH] Fixing flask_webgoat/users.py for finding 8
---
 flask_webgoat/users.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/flask_webgoat/users.py b/flask_webgoat/users.py
index a72e698e..f2e97157 100644
--- a/flask_webgoat/users.py
+++ b/flask_webgoat/users.py
@@ -35,13 +35,13 @@ def create_user():
     )
     # vulnerability: SQL Injection
-    query = (
-        "INSERT INTO user (username, password, access_level) VALUES ('%s', '%s', %d)"
-        % (username, password, int(access_level))
-    )
+    # mitigation: use parameterized query
+    query = "INSERT INTO user (username, password, access_level) VALUES (?, ?, ?)"
     try:
-        query_db(query, [], False, True)
+        query_db(query, (username, password, int(access_level)), False, True)
         return jsonify({"success": True})
     except sqlite3.Error as err:
-        return jsonify({"error": "could not create user:" + err})
+        return jsonify({"error": "could not create user:" + str(err)})
+
+
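Review bot: `int(access_level)` now runs inside the `try` on the new `query_db(...)` line, but the handler only catches `sqlite3.Error`, so a non-numeric `access_level` raises `ValueError`/`TypeError` and surfaces as an unhandled 500 instead of a client error. Convert and validate before building the parameter tuple, e.g. `try: access_level = int(access_level)` / `except (TypeError, ValueError): return jsonify({"error": "access_level must be an integer"}), 400`. On the last changed line, `"could not create user:" + str(err)` fixes the original str/exception concatenation but still returns the raw sqlite3 error text to the caller; prefer logging `err` server-side and returning a fixed message such as `jsonify({"error": "could not create user"}), 500`. The `# vulnerability: SQL Injection` marker kept above the new `# mitigation:` comment now reads as stale; if the finding is considered closed it should be removed or reworded to say the issue was fixed. The start of `create_user`, where `username`, `password` and `access_level` are read, lies outside the hunk, so whether those values are validated there cannot be confirmed from this diff.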