chore: add vulnerable code
mitchell-liatrio committed May 23, 2024
1 parent 0665404 commit 9b8f0aa
Showing 1 changed file with 17 additions and 3 deletions.
Expand Up @@ -21,19 +21,33 @@ public PostController(PostRepository repository) {

@GetMapping("/posts")
public Collection<Post> posts() {
log.info("{}: recieved a GET request", deploymentType);
log.info("{}: received a GET request", deploymentType);
return repository.findAll().stream().collect(Collectors.toList());
}

@PostMapping("/posts")
public Post post(@RequestBody Post post, HttpServletResponse resp) {
log.info("{}: recieved a POST request", deploymentType);
log.info("{}: received a POST request", deploymentType);
return repository.save(post);
}

@DeleteMapping("/posts/{id}")
public void deletePost(@PathVariable("id") String id) {
log.info("{}: recieved a DELETE request", deploymentType);
log.info("{}: received a DELETE request", deploymentType);
repository.deleteById(Long.parseLong(id));
}

@GetMapping("/posts/{id}")
public Post getPostById(@PathVariable("id") String id) {
log.info("{}: received a GET request for post with id {}", deploymentType, id);

Check failure

Code scanning / CodeQL

Log Injection High

This log entry depends on a
user-provided value
.
return repository.findById(Long.parseLong(id)).orElse(null);
}

@GetMapping("/posts/search")
public Collection<Post> searchPosts(@RequestParam("query") String query) {
log.info("{}: received a GET request to search posts with query: {}", deploymentType, query);

Check failure

Code scanning / CodeQL

Log Injection High

This log entry depends on a
user-provided value
.
// WARNING: This code is vulnerable to SQL injection
String sql = "SELECT * FROM posts WHERE title LIKE '%" + query + "%'";
return repository.search(sql);
}
}
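Review bot: `searchPosts` concatenates the user-controlled `query` request parameter straight into the SQL string passed to `repository.search(sql)`, which the commit's own `// WARNING` comment acknowledges but leaves in place; because `'` and `%` in `query` are not escaped, the statement is not even a well-formed LIKE pattern for ordinary input. The search should bind `query` as a parameter instead, e.g. through a derived or `@Query`-annotated repository method, so the three lines from the WARNING comment through `return repository.search(sql);` collapse to something like `return repository.findByTitleContaining(query);` (the exact method depends on how `PostRepository`, which is outside this hunk, is declared). Separately, `getPostById` and `deletePost` call `Long.parseLong(id)` on the raw path variable, so a non-numeric id surfaces as an unhandled `NumberFormatException` rather than a 400, and `orElse(null)` in `getPostById` answers a missing post with an empty 200 body instead of a 404; declaring the parameter as `@PathVariable("id") long id` and using `orElseThrow(...)` or `ResponseEntity.notFound()` would make both explicit. The enclosing `PostController` class begins before this hunk.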
