Create product #9

Closed
wants to merge 13 commits into from
42 changes: 28 additions & 14 deletions Dockerfile
@@ -1,22 +1,36 @@
FROM node:19.4.0-bullseye-slim
FROM golang:1.16-buster AS build

LABEL maintainer="Daniel García (cr0hn) [email protected]"
WORKDIR /app

ENV STAGE "DOCKER"
# COPY go.mod .
# RUN go mod download

RUN apt-get update && apt-get install -y netcat
# COPY *.go .

# Build app folders
RUN mkdir /app
WORKDIR /app
# RUN go build -o app

# LABEL maintainer="Daniel García (cr0hn) [email protected]"

# ENV STAGE "DOCKER"

# RUN apt-get update && apt-get install -y netcat

# # install vulnerable version of a library
# RUN apt-get install -y curl=7.64.0-4+deb10u2

# RUN apt-get install -y libssl1.1

# # Build app folders
# RUN mkdir /app
# WORKDIR /app

# Install depends
COPY package.json /app/
RUN npm install
# # Install depends
# COPY package.json /app/
# RUN npm install

# Bundle code
COPY . /app
# # Bundle code
# COPY . /app

EXPOSE 3000
# EXPOSE 3000

CMD [ "npm", "start" ]
# CMD [ "npm", "start" ]
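Review bot: After this change every instruction that produced a runnable image is commented out — the live file is just `FROM golang:1.16-buster AS build` and `WORKDIR /app`, with no COPY, build step, EXPOSE or CMD, so the resulting image holds neither the Node app nor a Go binary and has nothing to start. If the Go build is the intended direction, restore `COPY go.mod .`, `RUN go mod download`, `COPY *.go .` and `RUN go build -o app` and add a final stage with a CMD; otherwise delete the commented Node block rather than keeping it as dead text for the next reader to guess at. `golang:1.16-buster` is also a base that no longer receives upstream Go security updates, so pin a supported release before relying on it. The commented `curl=7.64.0-4+deb10u2` line is described by its own comment as a deliberately vulnerable version; if it is ever uncommented it should stay confined to a throwaway test image and out of anything that gets shipped.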
13 changes: 12 additions & 1 deletion model/products.js
Expand Up @@ -49,12 +49,23 @@

}

function create(product) {
var q = "INSERT INTO products(name, description, price) VALUES('" +
product.name + "', '" +
product.description + "', '" +
product.price +
"');";

return db.one(q);

Check failure

Code scanning / CodeQL

Database query built from user-controlled sources High

This query string depends on a
user-provided value
.
This query string depends on a
user-provided value
.
}

var actions = {
"list": list_products,
"getProduct": getProduct,
"search": search,
"purchase": purchase,
"getPurchased": get_purcharsed
"getPurchased": get_purcharsed,
"create": create
}

module.exports = actions;
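Review bot: `create` should hand the product values to the driver as bound parameters instead of splicing them into the INSERT text on lines 94-98; with pg-promise, which the `db.one` call suggests this is, that becomes `return db.one('INSERT INTO products(name, description, price) VALUES($1, $2, $3) RETURNING *', [product.name, product.description, product.price]);`. The `RETURNING` clause matters on its own: pg-promise's `one` rejects when a query yields no row, and a bare INSERT yields none, so the current call would reject even after a successful insert — worth confirming against the driver version in use. The caller in routes/products.js also supplies `image` and `username`, both of which are silently dropped here; either persist them or note in a comment above `create` that only the three columns are stored.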
19 changes: 19 additions & 0 deletions routes/products.js
Expand Up @@ -144,6 +144,25 @@ router.all('/products/buy', function(req, res, next) {

});

router.all('/products/create', function(req, res, next) {
let params = null;
if (req.method == "GET"){
params = url.parse(req.url, true).query;
} else {
params = req.body;
}

let product = null;
product = {
name: params.name,
description: params.description,
price: params.price,
image: params.image,
username: req.session.user_name
}

db_products.create(product)
});


module.exports = router;
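Review bot: The handler never sends a response and the promise from `db_products.create(product)` on line 150 is left floating, so every request to `/products/create` hangs until the client gives up and an insert failure surfaces only as an unhandled rejection; chain the result into the response, e.g. `db_products.create(product).then(() => res.sendStatus(201)).catch(next);`. `req.session.user_name` is read without checking that a logged-in user exists, so unless an earlier middleware enforces login this route lets unauthenticated callers create products — a guard such as `if (!req.session || !req.session.user_name) return res.sendStatus(401);` before building `product` would close that. Accepting the create on GET via `url.parse(req.url, true).query` makes a state-changing action reachable from a plain link; registering it with `router.post` and reading only `req.body` is the usual fix. The comparison `req.method == "GET"` should also be `===`.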