generated from Arquisoft/wiq_0
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added changes to fix code duplication issues and security flaws
- Loading branch information
1 parent
257db61
commit 57b44f3
Showing
4 changed files
with
7 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -35,7 +35,9 @@ app.post('/login', async (req, res) => { | |
| return | ||
| } | ||
|
|
||
| const { email, username, password } = req.body; | ||
| const email = req.body.email.toString(); | ||
| const username = req.body.username.toString(); | ||
| const password = req.body.password.toString(); | ||
|
|
||
| let user; | ||
| if(username) //Can log in with both | ||
|
Check failure Code scanning / SonarCloud NoSQL operations should not be vulnerable to injection attacks High
Change this code to not construct database queries directly from user-controlled data. See more on SonarCloud
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -38,10 +38,10 @@ app.post('/adduser', async (req, res) => { | |
| } | ||
|
|
||
| //Check there is not a user with the same name | ||
| const userUsername = await User.findOne({username: req.body.username}); | ||
| const userUsername = await User.findOne({username: req.body.username.toString()}); | ||
|
|
||
| //Check there is not a user with the same name | ||
| const userEmail = await User.findOne({email: req.body.email}); | ||
| const userEmail = await User.findOne({email: req.body.email.toString()}); | ||
|
Check failure Code scanning / SonarCloud NoSQL operations should not be vulnerable to injection attacks High
Change this code to not construct database queries directly from user-controlled data. See more on SonarCloud
|
||
|
|
||
| if(userUsername) | ||
| return res.status(400).json({error : "Username already in use"}) | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -41,7 +41,7 @@ describe('User Service', () => { | |
| const newUser = { | ||
| email: '[email protected]', | ||
| username: 'testuser', | ||
| password: 'testpassword' | ||
| password: 'test' | ||
| }; | ||
|
|
||
| const response = await request(app).post('/adduser').send(newUser); | ||
|
|
@@ -53,7 +53,7 @@ describe('User Service', () => { | |
| const newUser = { | ||
| email: '[email protected]', | ||
| username: 'testuser2', | ||
| password: 'testpassword' | ||
| password: 'password' | ||
| }; | ||
|
|
||
| const response = await request(app).post('/adduser').send(newUser); | ||
|
|
||