🐛 Bug : sql injection, collation 문제#63

innovationacademy-kr · Jun 18, 2022 · a75137e · a75137e
1 parent 221a990
commit a75137e
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 28 deletions.
diff --git a/backend/controller/returnController.js b/backend/controller/returnController.js
@@ -41,7 +41,7 @@ const patchReturn = async (req, res) => {
 
     await Promise.all([
       query.deleteLent(connection, userLentInfo), // lent 테이블에서 해당 사물함의 대여 정보 삭제
-      query.addLentLog(connection, userLentInfo), // lent_log에 반납되는 사물함 정보 추가
+      query.addLentLog(connection, Object.values(userLentInfo)), // lent_log에 반납되는 사물함 정보 추가
     ]);
 
     await connection.commit();

diff --git a/backend/controller/searchController.js b/backend/controller/searchController.js
@@ -1,5 +1,5 @@
 const query = require('../db/query');
-const { isNumeric, sendResponse } = require('../utils/util');
+const { isNumeric, sendResponse, isString } = require('../utils/util');
 const pool = require('../config/database');
 // intra_id, cabinetNum 검색 기능
 const getSearch = async (req, res) => {
@@ -10,8 +10,7 @@ const getSearch = async (req, res) => {
     let resultFromLent;
     let resultFromLentLog;
 
-    console.log(isNumeric(cabinetNum));
-    if (intraId) {
+    if (intraId && isString(intraId)) {
       [resultFromLent, resultFromLentLog] = await Promise.all([
         query.getLentByIntraId(connection, intraId),
         query.getLentLogByIntraId(connection, intraId),

diff --git a/backend/db/query.js b/backend/db/query.js
@@ -7,9 +7,9 @@ const getLentByIntraId = async (connection, intraId) => {
     ON u.user_id=l.lent_user_id
     LEFT JOIN cabinet c
     ON l.lent_cabinet_id=c.cabinet_id
-    WHERE u.intra_id = '${intraId}';
+    WHERE u.intra_id = ? ;
     `;
-  const result = await connection.query(getLentInfoQuery);
+  const result = await connection.query(getLentInfoQuery, intraId);
   return result;
 };
 
@@ -22,11 +22,11 @@ const getLentLogByIntraId = async (connection, intraId) => {
     ON u.user_id=ll.log_user_id
     LEFT JOIN cabinet c
     ON ll.log_cabinet_id=c.cabinet_id
-    WHERE u.intra_id = '${intraId}'
-    ORDER BY lent_time DESC
+    WHERE u.intra_id = ?
+    ORDER BY lent_time DESC 
     LIMIT 10;
     `;
-  const result = await connection.query(getLentLogInfoQuery);
+  const result = await connection.query(getLentLogInfoQuery, intraId);
   return result;
 };
 
@@ -37,9 +37,9 @@ const getLentByCabinetNum = async (connection, cabinetNum, floor) => {
     FROM cabinet c
     LEFT JOIN lent l
     ON c.cabinet_id=l.lent_cabinet_id
-    WHERE c.cabinet_num = ${cabinetNum} AND c.floor = ${floor};
+    WHERE c.cabinet_num = ? AND c.floor = ?;
     `;
-  const resultFromLent = await connection.query(content);
+  const resultFromLent = await connection.query(content, [cabinetNum, floor]);
   return resultFromLent;
 };
 
@@ -50,11 +50,14 @@ const getLentLogByCabinetNum = async (connection, cabinetNum, floor) => {
     FROM cabinet c
     LEFT JOIN lent_log ll
     ON c.cabinet_id=ll.log_cabinet_id
-    WHERE c.cabinet_num = ${cabinetNum} AND c.floor = ${floor}
+    WHERE c.cabinet_num = ? AND c.floor = ?
     ORDER BY lent_time DESC
     LIMIT 10;
     `;
-  const resultFromLentLog = await connection.query(content);
+  const resultFromLentLog = await connection.query(content, [
+    cabinetNum,
+    floor,
+  ]);
   return resultFromLentLog;
 };
 
@@ -75,39 +78,39 @@ const getInactivatedCabinetList = async (connection) => {
 const modifyCabinetActivation = async (connection, cabinetIdx, activation) => {
   const content = `
     UPDATE cabinet c
-    SET activation=${activation}
-    WHERE cabinet_id=${cabinetIdx}
+    SET activation= ?
+    WHERE cabinet_id= ?
     `;
-  await connection.query(content);
+  await connection.query(content, [activation, cabinetIdx]);
 };
 
 // 고장 사물함 log 추가
 const addDisablelog = async (connection, cabinetIdx, note) => {
   const content = `
     INSERT INTO disable (disable_cabinet_id, note)
-    VALUES (${cabinetIdx}, "${note}");
+    VALUES (?, ?);
     `;
-  await connection.query(content);
+  await connection.query(content, [cabinetIdx, note]);
 };
 
 // 고장 사물함 status 0 처리
 const modifyDisablelog = async (connection, cabinetIdx) => {
   const content = `
     UPDATE disable d
     SET status=0, fix_time=now()
-    WHERE disable_cabinet_id=${cabinetIdx} AND status=1;
+    WHERE disable_cabinet_id = ? AND status=1;
   `;
-  await connection.query(content);
+  await connection.query(content, cabinetIdx);
 };
 
 // 반납할 사물함의 lent 정보 가져옴
 const getUserLent = async (connection, cabinetIdx) => {
   const getUserLentQuery = `
     SELECT lent_cabinet_id, lent_user_id, DATE_FORMAT(lent_time, '%Y-%m-%d %H:%i:%s') AS lent_time
     FROM lent
-    WHERE lent_cabinet_id = ${cabinetIdx}
+    WHERE lent_cabinet_id = ?
     `;
-  const [result] = await connection.query(getUserLentQuery);
+  const [result] = await connection.query(getUserLentQuery, cabinetIdx);
   return result;
 };
 
@@ -118,9 +121,9 @@ const getCabinet = async (connection, cabinetIdx) => {
     FROM cabinet c
     LEFT JOIN lent l ON c.cabinet_id=l.lent_cabinet_id
     LEFT JOIN user u ON l.lent_user_id=u.user_id 
-    WHERE c.cabinet_id = ${cabinetIdx};
+    WHERE c.cabinet_id = ?;
     `;
-  const [result] = await connection.query(getCabinetQuery);
+  const [result] = await connection.query(getCabinetQuery, cabinetIdx);
   return result;
 };
 
@@ -154,19 +157,19 @@ const getLentUserInfo = async (connection) => {
 const addLentLog = async (connection, userLentInfo) => {
   const addLentLogQuery = `
     INSERT INTO lent_log(log_cabinet_id, log_user_id, lent_time, return_time) 
-    VALUES (${userLentInfo.lent_cabinet_id}, ${userLentInfo.lent_user_id}, '${userLentInfo.lent_time}', now())
+    VALUES ( ?, ?, ?, now())
     `;
-  await connection.query(addLentLogQuery);
+  await connection.query(addLentLogQuery, userLentInfo);
 };
 
 // lent 테이블에서 사물함 정보 삭제
 const deleteLent = async (connection, userLentInfo) => {
   const deleteLentQuery = `
     DELETE 
     FROM lent 
-    WHERE lent_cabinet_id=${userLentInfo.lent_cabinet_id}
+    WHERE lent_cabinet_id= ?
     `;
-  await connection.query(deleteLentQuery);
+  await connection.query(deleteLentQuery, userLentInfo.lent_cabinet_id);
 };
 
 const getLentOverdue = async (connection) => {

diff --git a/backend/utils/util.js b/backend/utils/util.js
@@ -30,6 +30,11 @@ const sendResponse = (res, data, status) => {
   res.status(status).json(data);
 };
 
+const isString = (str) => {
+  const regExp = /^[a-zA-Z0-9]+$/;
+  return regExp.test(str);
+};
+
 const isVerified = (token) => {
   try {
     jwt.verify(token, config.getJwtSecret());
@@ -45,4 +50,5 @@ module.exports = {
   isNumeric,
   isLogin,
   isVerified,
+  isString,
 };