forked from EyalDelarea/JFrog-Frogbot-Demo
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsast-test.js
More file actions
27 lines (22 loc) · 749 Bytes
/
sast-test.js
File metadata and controls
27 lines (22 loc) · 749 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
// MULTIPLE SAST VIOLATIONS - Copy this entire fi
const express = require('express');
const app = express();
// SQL Injection #1
app.get('/user/:id', (req, res) => {
const id = req.params.id;
const sql = `SELECT * FROM users WHERE id='${id}'`; // VIOLATION 1
db.query(sql, (err, results) => res.json(results));
});
// eval() #2
app.post('/execute', (req, res) => {
eval(req.body.code); // VIOLATION 2
res.send('Executed');
});
// Command injection #3
const { exec } = require('child_process');
app.get('/run', (req, res) => {
exec(req.query.cmd, (err, stdout) => res.send(stdout)); // VIOLATION 3
});
// Hardcoded secret #4
const AWS_SECRET = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"; // VIOLATION 4
app.listen(3000);