From a75137e75136a501e777e267b8b9d0280cfa65f2 Mon Sep 17 00:00:00 2001
From: yoyoo
Date: Sun, 19 Jun 2022 04:02:02 +0900
Subject: [PATCH] =?UTF-8?q?:bug:=20Bug=20:=20sql=20injection,=20collation?=
 =?UTF-8?q?=20=EB=AC=B8=EC=A0=9C#63?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
backend/controller/returnController.js | 2 +-
backend/controller/searchController.js | 5 +--
backend/db/query.js | 51 ++++++++++++++------------
backend/utils/util.js | 6 +++
4 files changed, 36 insertions(+), 28 deletions(-)
diff --git a/backend/controller/returnController.js b/backend/controller/returnController.js
index 6e9ac6e..61f0ac9 100644
--- a/backend/controller/returnController.js
+++ b/backend/controller/returnController.js
@@ -41,7 +41,7 @@ const patchReturn = async (req, res) => {
await Promise.all([
query.deleteLent(connection, userLentInfo), // lent 테이블에서 해당 사물함의 대여 정보 삭제
- query.addLentLog(connection, userLentInfo), // lent_log에 반납되는 사물함 정보 추가
+ query.addLentLog(connection, Object.values(userLentInfo)), // lent_log에 반납되는 사물함 정보 추가
]);
await connection.commit();
diff --git a/backend/controller/searchController.js b/backend/controller/searchController.js
index 7c7a521..2b3f040 100644
--- a/backend/controller/searchController.js
+++ b/backend/controller/searchController.js
@@ -1,5 +1,5 @@
const query = require('../db/query');
-const { isNumeric, sendResponse } = require('../utils/util');
+const { isNumeric, sendResponse, isString } = require('../utils/util');
const pool = require('../config/database');
// intra_id, cabinetNum 검색 기능
const getSearch = async (req, res) => {
@@ -10,8 +10,7 @@ const getSearch = async (req, res) => {
let resultFromLent;
let resultFromLentLog;
- console.log(isNumeric(cabinetNum));
- if (intraId) {
+ if (intraId && isString(intraId)) {
[resultFromLent, resultFromLentLog] = await Promise.all([
query.getLentByIntraId(connection, intraId),
query.getLentLogByIntraId(connection, intraId),
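Review bot: `query.addLentLog(connection, Object.values(userLentInfo))` makes the INSERT in addLentLog depend on the property order of the row object that getUserLent returns; the `VALUES ( ?, ?, ?, now())` placeholders only line up if the driver keeps `lent_cabinet_id, lent_user_id, lent_time` in selection order and the object carries no extra properties, neither of which this call site checks. Building the array explicitly keeps the binding stable: `query.addLentLog(connection, [userLentInfo.lent_cabinet_id, userLentInfo.lent_user_id, userLentInfo.lent_time]),` — or, better, do that mapping inside addLentLog itself (the `@@ -154,9 +157,9 @@` hunk of backend/db/query.js), so the caller keeps passing `userLentInfo` unchanged and addLentLog keeps the same object contract as deleteLent on the line above it. patchReturn starts and ends outside the hunk, so what `userLentInfo` actually is (a single row, or the rows array if getUserLent's `const [result]` destructures a mysql2 `[rows, fields]` pair) cannot be confirmed from here and is worth checking.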
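Review bot: The guard `if (intraId && isString(intraId))` is a regex allowlist (`/^[a-zA-Z0-9]+$/` in util.js), not a string-type check, so the name hides what it enforces: any intra id containing a character outside ASCII letters and digits is rejected here. A value that fails the test drops through to the branch after this `if`, whose body is outside the hunk, so the caller gets no 400 explaining why the lookup returned nothing; consider an explicit else that calls `sendResponse(res, ..., 400)` with the controller's usual error payload. The removed `console.log(isNumeric(cabinetNum))` suggests `isNumeric` is meant to guard the cabinetNum path as well; that check is not visible in this hunk and should be confirmed, since getLentByCabinetNum now binds `cabinetNum` and `floor` as received. getSearch continues outside the hunk.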
diff --git a/backend/db/query.js b/backend/db/query.js
index bd65d76..d8d564e 100644
--- a/backend/db/query.js
+++ b/backend/db/query.js
@@ -7,9 +7,9 @@ const getLentByIntraId = async (connection, intraId) => {
ON u.user_id=l.lent_user_id
LEFT JOIN cabinet c ON l.lent_cabinet_id=c.cabinet_id
- WHERE u.intra_id = '${intraId}';
+ WHERE u.intra_id = ? ;
`;
- const result = await connection.query(getLentInfoQuery);
+ const result = await connection.query(getLentInfoQuery, intraId);
return result;
};
@@ -22,11 +22,11 @@ const getLentLogByIntraId = async (connection, intraId) => {
ON u.user_id=ll.log_user_id
LEFT JOIN cabinet c ON ll.log_cabinet_id=c.cabinet_id
- WHERE u.intra_id = '${intraId}'
- ORDER BY lent_time DESC
+ WHERE u.intra_id = ?
+ ORDER BY lent_time DESC
LIMIT 10;
`;
- const result = await connection.query(getLentLogInfoQuery);
+ const result = await connection.query(getLentLogInfoQuery, intraId);
return result;
};
@@ -37,9 +37,9 @@ const getLentByCabinetNum = async (connection, cabinetNum, floor) => {
FROM cabinet c
LEFT JOIN lent l ON c.cabinet_id=l.lent_cabinet_id
- WHERE c.cabinet_num = ${cabinetNum} AND c.floor = ${floor};
+ WHERE c.cabinet_num = ? AND c.floor = ?;
`;
- const resultFromLent = await connection.query(content);
+ const resultFromLent = await connection.query(content, [cabinetNum, floor]);
return resultFromLent;
};
@@ -50,11 +50,14 @@ const getLentLogByCabinetNum = async (connection, cabinetNum, floor) => {
FROM cabinet c
LEFT JOIN lent_log ll ON c.cabinet_id=ll.log_cabinet_id
- WHERE c.cabinet_num = ${cabinetNum} AND c.floor = ${floor}
+ WHERE c.cabinet_num = ? AND c.floor = ?
ORDER BY lent_time DESC
LIMIT 10;
`;
- const resultFromLentLog = await connection.query(content);
+ const resultFromLentLog = await connection.query(content, [
+ cabinetNum,
+ floor,
+ ]);
return resultFromLentLog;
};
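Review bot: `connection.query(getLentInfoQuery, intraId)` binds a bare scalar, while getLentByCabinetNum and getLentLogByCabinetNum in the following hunks bind `[cabinetNum, floor]`; if this is the node `mysql`/`mysql2` driver (the `query(sql, values)` shape suggests it), `query()` wraps a non-array value for you but `execute()` does not, so use the array form everywhere, `connection.query(getLentInfoQuery, [intraId])`, so the calls survive a later move to prepared statements (same for getLentLogByIntraId, modifyDisablelog, getUserLent, getCabinet and deleteLent). Also note that `?` binding in those drivers' `query()` is client-side escaping: a value that arrives as an object or array (Express's default query parser can produce both) is expanded into SQL fragments rather than quoted as one literal, so the `isString`/`isNumeric` checks in the controllers are part of this fix and must run before every call into this module; coercing numeric ids with `Number(...)` at the controller boundary, and rejecting `NaN`, would make that explicit. The stray space in `WHERE u.intra_id = ? ;` is harmless but inconsistent with the other hunks.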
@@ -75,19 +78,19 @@ const getInactivatedCabinetList = async (connection) => {
const modifyCabinetActivation = async (connection, cabinetIdx, activation) => {
const content = `
UPDATE cabinet c
- SET activation=${activation}
- WHERE cabinet_id=${cabinetIdx}
+ SET activation= ?
+ WHERE cabinet_id= ?
`;
- await connection.query(content);
+ await connection.query(content, [activation, cabinetIdx]);
};
// 고장 사물함 log 추가
const addDisablelog = async (connection, cabinetIdx, note) => {
const content = `
INSERT INTO disable (disable_cabinet_id, note)
- VALUES (${cabinetIdx}, "${note}");
+ VALUES (?, ?);
`;
- await connection.query(content);
+ await connection.query(content, [cabinetIdx, note]);
};
// 고장 사물함 status 0 처리
@@ -95,9 +98,9 @@ const modifyDisablelog = async (connection, cabinetIdx) => {
const content = `
UPDATE disable d
SET status=0, fix_time=now()
- WHERE disable_cabinet_id=${cabinetIdx} AND status=1;
+ WHERE disable_cabinet_id = ? AND status=1;
`;
- await connection.query(content);
+ await connection.query(content, cabinetIdx);
};
// 반납할 사물함의 lent 정보 가져옴
@@ -105,9 +108,9 @@ const getUserLent = async (connection, cabinetIdx) => {
const getUserLentQuery = `
SELECT lent_cabinet_id, lent_user_id, DATE_FORMAT(lent_time, '%Y-%m-%d %H:%i:%s') AS lent_time
FROM lent
- WHERE lent_cabinet_id = ${cabinetIdx}
+ WHERE lent_cabinet_id = ?
`;
- const [result] = await connection.query(getUserLentQuery);
+ const [result] = await connection.query(getUserLentQuery, cabinetIdx);
return result;
};
@@ -118,9 +121,9 @@ const getCabinet = async (connection, cabinetIdx) => {
FROM cabinet c
LEFT JOIN lent l ON c.cabinet_id=l.lent_cabinet_id
LEFT JOIN user u ON l.lent_user_id=u.user_id
- WHERE c.cabinet_id = ${cabinetIdx};
+ WHERE c.cabinet_id = ?;
`;
- const [result] = await connection.query(getCabinetQuery);
+ const [result] = await connection.query(getCabinetQuery, cabinetIdx);
return result;
};
@@ -154,9 +157,9 @@ const getLentUserInfo = async (connection) => {
const addLentLog = async (connection, userLentInfo) => {
const addLentLogQuery = `
INSERT INTO lent_log(log_cabinet_id, log_user_id, lent_time, return_time)
- VALUES (${userLentInfo.lent_cabinet_id}, ${userLentInfo.lent_user_id}, '${userLentInfo.lent_time}', now())
+ VALUES ( ?, ?, ?, now())
`;
- await connection.query(addLentLogQuery);
+ await connection.query(addLentLogQuery, userLentInfo);
};
// lent 테이블에서 사물함 정보 삭제
@@ -164,9 +167,9 @@ const deleteLent = async (connection, userLentInfo) => {
const deleteLentQuery = `
DELETE FROM lent
- WHERE lent_cabinet_id=${userLentInfo.lent_cabinet_id}
+ WHERE lent_cabinet_id= ?
`;
- await connection.query(deleteLentQuery);
+ await connection.query(deleteLentQuery, userLentInfo.lent_cabinet_id);
};
const getLentOverdue = async (connection) => {
diff --git a/backend/utils/util.js b/backend/utils/util.js
index 431f241..7c767f4 100644
--- a/backend/utils/util.js
+++ b/backend/utils/util.js
@@ -30,6 +30,11 @@ const sendResponse = (res, data, status) => {
res.status(status).json(data);
};
+const isString = (str) => {
+ const regExp = /^[a-zA-Z0-9]+$/;
+ return regExp.test(str);
+};
+
const isVerified = (token) => {
try {
jwt.verify(token, config.getJwtSecret());
@@ -45,4 +50,5 @@ module.exports = {
isNumeric,
isLogin,
isVerified,
+ isString,
};
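Review bot: `isString` in the `@@ -30,6 +30,11 @@` hunk of backend/utils/util.js is misnamed: `RegExp.prototype.test` coerces its argument to a string first, so `isString(123)` and `isString(['abc'])` are both `true` while `isString('a b')` is `false` — it is an ASCII-alphanumeric allowlist, not a string-type check, and the array case matters because an array is exactly the shape the driver expands rather than quotes. Either rename it to say what it enforces and add the type guard, `const isAlphanumeric = (str) => typeof str === 'string' && /^[a-zA-Z0-9]+$/.test(str);`, or keep the name, add the `typeof str === 'string' &&` prefix, and document it with a comment such as `// allowlist for intra_id: ASCII letters and digits only; also rejects objects/arrays from req.query`. A rename would also need the import in backend/controller/searchController.js and the `module.exports` entry in the last hunk updated.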