expression changed to empty string from empty list, skipping empty patch #19
Caution Breaking Flaws identified in code! Fixes for app/views/blabController.py: Fix suggestions:
--- app/views/blabController.py
+++ app/views/blabController.py
@@ -48,7 +48,7 @@
logger.info("Executing query to get all 'Blabs for me'")
blabsForMe = sqlBlabsForMe.format(10, 0)
- cursor.execute(blabsForMe % (username,))
+ cursor.execute(blabsForMe, (username, ))
blabsForMeResults = cursor.fetchall()
feedBlabs = []
@@ -72,7 +72,7 @@
# Find the Blabs by this user
logger.info("Executing query to get all of user's Blabs")
- cursor.execute(sqlBlabsByMe % (username,))
+ cursor.execute("SELECT * FROM blabsByMe %s;", (username, ))
blabsByMeResults = cursor.fetchall()
myBlabs = []
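Review bot: The new execute call on the second changed line replaces the `sqlBlabsByMe` template with a literal `SELECT * FROM blabsByMe %s;`, which names the Python variable as if it were a table and puts a bound parameter where a WHERE clause would go, so the query can no longer return the user's blabs. The removed line shows the original template took exactly one interpolated value, so the parameterized form should keep the template and bind the username: `cursor.execute(sqlBlabsByMe, (username,))`. This assumes `sqlBlabsByMe`, defined outside the hunk, uses a bare `%s` placeholder; if it still carries the quoted `'%s'` form, drop the quotes there. The enclosing function starts outside the hunk.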
@@ -117,7 +117,7 @@
addBlabSql = "INSERT INTO blabs (blabber, content, timestamp) values ('%s', '%s', datetime('now'));"
logger.info("Executing query to add new blab")
- cursor.execute(addBlabSql % (username, blab))
+ cursor.execute("INSERT INTO blabs (blabber, content, timestamp) values (?,?, datetime('now'))", [username, blab])
if not cursor.rowcount:
request.error = "Failed to add blab"
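Review bot: The new execute call uses `?` placeholders and a list while every other parameterized query in this change set (the other blabController hunks and all userController hunks) uses `%s`; Django's cursor wrapper expects `%s` and rewrites it per backend, so `?` only works by accident on SQLite. The `addBlabSql` string on the first context line is also left in place but now unused, still carrying the quoted `'%s'` form. Suggest changing that assignment to `addBlabSql = "INSERT INTO blabs (blabber, content, timestamp) values (%s, %s, datetime('now'));"` and executing `cursor.execute(addBlabSql, (username, blab))`.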
@@ -170,7 +170,7 @@
except Exception as e:
logger.error("Unexpected error", e)
- return HttpResponse(ret)
+ return escape(HttpResponse(ret))
# Brings up the page to view a blab, or to write a blab
def blab(request):
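Review bot: `escape(HttpResponse(ret))` on the added line applies `html.escape` to a response object rather than to a string; `html.escape` calls `.replace` on its argument, so this raises AttributeError on every request instead of returning a page. Escape the body and then wrap it: `return HttpResponse(escape(ret))`. Unlike the userController hunks, this file's hunks do not add `from html import escape`, so confirm it is imported above the visible lines. The same object-level escaping appears in the last userController hunk (`escape(JsonResponse(...))`). The function this return belongs to starts outside the hunk.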
@@ -198,7 +198,7 @@
with connection.cursor() as cursor:
logger.info("Executing query to see Blab details")
- cursor.execute(blabDetailsSql % (blabid,))
+ cursor.execute(blabDetailsSql, (blabid, ))
blabDetailsResults = cursor.fetchone()
if (blabDetailsResults):
@@ -208,7 +208,7 @@
# Get comments
logger.info("Executing query to get all comments")
- cursor.execute(blabCommentsSql % (blabid,))
+ cursor.execute("%s %s" % (blabCommentsSql, (blabCommentsSql, )))
blabCommentsResults = cursor.fetchall()
comments = []
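Review bot: The added line `cursor.execute("%s %s" % (blabCommentsSql, (blabCommentsSql, )))` interpolates the query template into itself, drops `blabid` entirely and keeps using `%` string formatting, so it is both a broken query and not a parameterization. The removed line shows one bound value is needed: `cursor.execute(blabCommentsSql, (blabid,))`, matching the form used for `blabDetailsSql` in the hunk just above. This assumes `blabCommentsSql`, defined outside the hunk, carries a bare `%s` placeholder.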
@@ -297,7 +297,7 @@
logger.info(blabbersSql)
logger.info("Executing query to see Blab details")
- cursor.execute(blabbersSql % (username, username))
+ cursor.execute("SELECT * FROM users WHERE username = %s;", (username, ))
blabbersResults = cursor.fetchall()
blabbers = []
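Review bot: The added line substitutes a new `SELECT * FROM users WHERE username = %s;` for `blabbersSql`, but the removed line bound `(username, username)` — two values — so the original was a different query (its template is logged on the first context line), and the replacement returns the caller's own user row rather than the result that the `blabbers` list below is built from. Keep the template and bind both values: `cursor.execute(blabbersSql, (username, username))`, with `blabbersSql` (defined above the hunk) holding two bare `%s` placeholders.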
Caution Breaking Flaws identified in code! Fixes for app/templates/app/feed.html: Fix suggestions:
--- app/templates/app/feed.html
+++ app/templates/app/feed.html
@@ -157,7 +157,7 @@
len : 10
}, function(data) {
if (data) {
- $("#feed ul").append(data);
+$("#feed ul").append(DOMPurify.sanitize(data));
} else {
$(obj).remove();
}
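Review bot: `DOMPurify.sanitize(data)` on the added line relies on DOMPurify being loaded in this template, and the hunk adds no `<script>` include for it; if the library is not already present, the append throws and the feed stops loading. The added line is also at column 0 while its neighbours are indented. Client-side sanitizing is a reasonable second layer, but the fragment comes from the server, so the primary fix is to escape blab content where the fragment is rendered; note that sanitizing will also strip any inline handlers the fragment's markup relies on. The surrounding callback starts outside the hunk.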
Caution Breaking Flaws identified in code! Fixes for app/templates/app/profile.html: Fix suggestions:
--- app/templates/app/profile.html
+++ app/templates/app/profile.html
@@ -216,12 +216,12 @@
$('input[name="' + key + '"]').val(val);
if (key === "username") {
- $('#profileImage').attr('src', image_path + val + '.png');
+$('#profileImage').attr('src', DOMPurify.sanitize(image_path + val + '.png'));
}
});
}
if ('message' in data) {
- $('body').append(data.message);
+$('body').append(DOMPurify.sanitize(data.message));
}
}
},
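Review bot: `DOMPurify.sanitize` is an HTML sanitizer, so on the first added line it is applied to a plain URL string destined for an `src` attribute: it does not validate the value as a path (and will entity-encode characters such as `&`), so it neither stops a crafted username from leaving the image directory nor is the right tool for an attribute value. A tighter check validates `val` before building the path, e.g. `if (key === "username" && /^[\w.-]+$/.test(val)) { $('#profileImage').attr('src', image_path + encodeURIComponent(val) + '.png'); }`. On the second added line the server's `message` is an inline `<script>` (see the userController hunk that builds `msg`), which DOMPurify strips, so the message silently disappears; send plain text from the server and render it with `.text()` instead of `.append()`.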
Caution Breaking Flaws identified in code! Fixes for app/views/resetController.py: Fix suggestions:
--- app/views/resetController.py
+++ app/views/resetController.py
@@ -60,7 +60,7 @@
elif(request.method == "POST"):
return processReset(request)
else:
- h = httplib2.Http(".cache", disable_ssl_certificate_validation=True) #CWE-295
+ h = httplib2.Http(".cache", disable_ssl_certificate_validation=False) #CWE-295
h.add_credentials('thiswaskevinsidea','hardcode') #CWE-798
data=h.request("http://localhost/",method='GET')
return data
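Review bot: Setting `disable_ssl_certificate_validation=False` on the added line has no effect here because the request two lines below goes to `http://localhost/`, so no TLS handshake and no certificate check ever happen. If the CWE-295 finding is to be closed, the URL itself needs to be `https://` and the flag can simply be omitted, since validation is the default. The hardcoded credentials on the next context line (`add_credentials('thiswaskevinsidea','hardcode')`, already tagged CWE-798) are untouched by the hunk and should come from settings or the environment rather than source.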
@@ -108,7 +108,8 @@
listenersStatement = "INSERT INTO listeners (blabber, listener, status) values ('%s', '%s', 'Active');"
for blabber in users[2:]:
for listener in users[2:]:
- if rand.choice([False, True]) and (blabber != listener):
+ rand = random.SystemRandom()
+ if rand.choice([False, True]) and (blabber!= listener):
logger.info("Adding " + listener.username + " as a listener of " + blabber.username)
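Review bot: `rand = random.SystemRandom()` is now created inside the inner `for listener` loop, so a fresh instance is constructed on every iteration; the same per-iteration construction is repeated in the next two hunks (`@@ -125,7 +126,8 @@` and `@@ -145,18 +147,20 @@`). Create it once before the loops, `rand = random.SystemRandom()` directly above `for blabber in users[2:]:`, and leave the loop bodies using `rand.choice` / `rand.randint`. The added condition also lost a space in `blabber!= listener`, which should read `blabber != listener`. This assumes `random` is imported at the top of the file, which is outside the hunk.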
@@ -125,7 +126,8 @@
blabsStatement = "INSERT INTO blabs (blabber, content, timestamp) values (%s, %s, datetime('now'));"
for blabContent in blabsContent:
# Get the array offset for a random user
- randomUserOffset = rand.randint(2,len(users) - 1)
+ rand = random.SystemRandom()
+ randomUserOffset = rand.randint(2, len(users) - 1)
# get the number or seconds until some time in the last 30 days.
#vary = rand.randint(0,(30 * 24 * 3600)+1)
@@ -145,18 +147,20 @@
for i in range(len(blabsContent)):
# Add a random number of comment
count = rand.randint(0,5) # between 0 and 6
+ rand = random.SystemRandom()
for j in range(count) :
# Get the array offset for a random user
- randomUserOffset = rand.randint(2,len(users)-1) #removed +1 cause no admin, removed -2 because no admin and inclusive.
+ randomUserOffset = rand.SystemRandom().randint(2, len(users)-1) # removed +1 cause no admin, removed -2 because no admin and inclusive.
username = users[randomUserOffset].username
# Pick a random comment to add
- commentNum = rand.randint(0,len(commentsContent)-1)
+ rand = random.SystemRandom()
+ commentNum = rand.randint(0, len(commentsContent)-1)
comment = commentsContent[commentNum]
# get the number or seconds until some time in the last 30 days.
- vary = rand.randint(0,(30 * 24 * 3600)+1)
+ vary = rand.SystemRandom().randint(0, (30 * 24 * 3600)+1)
logger.info("Adding a comment from " + username + " on blab ID " + str(i))
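Review bot: The two added lines of the form `rand.SystemRandom().randint(...)` call `.SystemRandom()` on `rand`, which the added line near the top of the hunk has just bound to a `random.SystemRandom()` instance, so they raise AttributeError the first time a comment is generated. Both should read `rand.randint(2, len(users)-1)` and `rand.randint(0, (30 * 24 * 3600)+1)`, with `rand` created once before the loops. The context line `count = rand.randint(0,5)` now executes before the `rand = random.SystemRandom()` added right after it, so it only works if `rand` was already bound by an earlier loop; hoisting the instance above the loops fixes that ordering as well.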
Caution Breaking Flaws identified in code! Fixes for app/views/userController.py: Fix suggestions:
--- app/views/userController.py
+++ app/views/userController.py
@@ -22,6 +22,7 @@
from app.models import User, Blabber
from app.forms import RegisterForm
+from html import escape
# Get logger
@@ -135,8 +136,8 @@
blab_name=row["blab_name"])
response = updateInResponse(currentUser, response)
- update = "UPDATE users SET last_login=datetime('now') WHERE username='" + row['username'] + "';"
- cursor.execute(update)
+ update = "UPDATE users SET last_login=datetime(%s) WHERE username='" + row['username'] + "';"
+ cursor.execute(update, (row["last_login"],))
# if the username ends with "totp", add the TOTP login step
if username[-4:].lower() == "totp":
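Review bot: The rewritten `update` statement parameterizes the wrong value: `datetime(%s)` is bound to `row["last_login"]`, so the column is set from its previous value (or NULL) instead of `datetime('now')`, while the `row['username']` concatenation into the WHERE clause — the part that needed binding — is kept. Use `update = "UPDATE users SET last_login=datetime('now') WHERE username=%s;"` and `cursor.execute(update, (row['username'],))`. Even though `row['username']` comes from the database, concatenating it is a second-order injection path, and the change in what gets written to `last_login` is a behaviour regression a test on the login path would catch.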
@@ -181,9 +182,9 @@
try:
logger.info("Creating the Database connection")
with connection.cursor() as cursor:
- sql = "SELECT password_hint FROM users WHERE username = '" + username + "'"
+ sql = "SELECT password_hint FROM users WHERE username = %s"
logger.info(sql)
- cursor.execute(sql)
+ cursor.execute(sql, (username,))
row = cursor.fetchone()
if (row):
@@ -194,9 +195,9 @@
formatString = "Username '" + username + "' has password: {}"
hint = formatString.format(password[:2] + ("*" * (len(password) - 2)))
logger.info(hint)
- return HttpResponse(hint)
+ return HttpResponse(escape(hint))
else:
- return HttpResponse("No password found for " + username)
+ return HttpResponse(escape("No password found for " + username))
except DatabaseError as db_err:
logger.error("Database error", db_err)
return HttpResponse("ERROR!")
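Review bot: Wrapping `hint` in `escape()` on the first added line fixes the output encoding, but `hint` is built on the context line above from `password[:2]`, so the response still discloses the first two characters of the stored password, and the `logger.info(hint)` line writes the same string to the log. If the password-hint feature has to stay, the hint text should not be derived from the password, and the log line should record only the username. The escaping on the second added line is fine as written, since that message carries only the username.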
@@ -222,9 +223,9 @@
#Create db connection
with connection.cursor() as cursor:
- sql = "SELECT totp_secret FROM users WHERE username = '" + username + "'"
+ sql = "SELECT totp_secret FROM users WHERE username = %s"
logger.info(sql)
- cursor.execute(sql)
+ cursor.execute(sql, (username,))
result = cursor.fetchone()
if result:
@@ -256,9 +257,9 @@
with connection.cursor() as cursor:
- sql = "SELECT totp_secret FROM users WHERE username = '" + username + "'"
+ sql = "SELECT totp_secret FROM users WHERE username = %s"
logger.info(sql)
- cursor.execute(sql)
+ cursor.execute(sql, (username,))
result = cursor.fetchone()
if result:
@@ -338,8 +339,8 @@
logger.info("Creating the Database connection")
try:
with connection.cursor() as cursor:
- sqlQuery = "SELECT username FROM users WHERE username = '" + username + "'"
- cursor.execute(sqlQuery)
+ sqlQuery = "SELECT username FROM users WHERE username = %s"
+ cursor.execute(sqlQuery, (username,))
row = cursor.fetchone()
if (row):
request.error = "Username '" + username + "' already exists!"
@@ -417,7 +418,7 @@
query += ("'" + blabName + "'")
query += (");")
#execute query
- cursor.execute(query)
+ cursor.execute('%s', (password, ))
sqlStatement = cursor.fetchone() #<- variable for response
logger.info(query)
# END EXAMPLE VULNERABILITY
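Review bot: `cursor.execute('%s', (password, ))` on the added line sends a bare placeholder as the whole statement, so the bound password becomes the SQL text and the call fails with a syntax error, while the `query` assembled by concatenation on the context lines above is still built and logged but never executed. The INSERT should be built with one `%s` per column and executed with all values bound, e.g. `cursor.execute(query, (username, password, realName, blabName))` — the start of the query construction is outside the hunk, so the column order has to be checked there before settling the tuple. The `cursor.fetchone()` on the next context line returns nothing useful after an INSERT; if a success signal is wanted, use `cursor.rowcount`.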
@@ -508,9 +509,9 @@
events = []
# START EXAMPLE VULNERABILITY
- sqlMyEvents = "select event from users_history where blabber=\"" + username + "\" ORDER BY eventid DESC; "
+ sqlMyEvents = "select event from users_history where blabber=%s ORDER BY eventid DESC; "
logger.info(sqlMyEvents)
- cursor.execute(sqlMyEvents)
+ cursor.execute(sqlMyEvents, (username,))
userHistoryResult = cursor.fetchall()
# END EXAMPLE VULNERABILITY
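Review bot: The `# START EXAMPLE VULNERABILITY` / `# END EXAMPLE VULNERABILITY` markers on the context lines now bracket a correctly parameterized query, and the same stale pair surrounds the changed execute in the `@@ -417,7 +418,7 @@` hunk; either drop the markers along with the fix or reword them to `# Fixed: parameterized query (was string concatenation)` so readers of this training app are not pointed at a vulnerability that no longer exists. The parameterized statement and binding on the two added lines themselves are correct as written.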
@@ -518,9 +519,9 @@
events.append(result[0])
# Get the users information
- sql = "SELECT username, real_name, blab_name, totp_secret FROM users WHERE username = '" + username + "'"
+ sql = "SELECT username, real_name, blab_name, totp_secret FROM users WHERE username = %s"
logger.info(sql)
- cursor.execute(sql)
+ cursor.execute(sql, (username,))
myInfoResults = cursor.fetchone()
if not myInfoResults:
return JsonResponse({'message':'Error, no Inforesults found'})
@@ -557,7 +558,7 @@
# Initial response only get returns if everything else succeeds.
# This must be here in order to use set_cookie later in the program
msg = f"<script>alert('Successfully changed values!\\nusername: {username.lower()}\\nReal Name: {realName}\\nBlab Name: {blabName}');</script>"
- response = JsonResponse({'values':{"username": username.lower(), "realName": realName, "blabName": blabName}, 'message':msg},status=200)
+ response = escape(JsonResponse({'values':{"username": username.lower(), "realName": realName, "blabName": blabName},'message':msg}, status=200))
logger.info("entering processProfile")
sessionUsername = request.session.get('username')
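Review bot: `escape(JsonResponse(...))` on the added line passes a response object to `html.escape`, which raises AttributeError, and even if it returned a string the comment two lines above says `response` must stay a response object for the later `set_cookie`. The JSON body does not need HTML escaping; the problem is the `msg` value on the context line, an inline `<script>` that the client appends to the page. Send a plain-text message instead, e.g. `msg = f"Successfully changed values! username: {username.lower()} Real Name: {realName} Blab Name: {blabName}"`, leave the `JsonResponse(...)` call as it was, and have the client render it with `.text()` rather than `.append()`.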
No description provided.