From 9b8f0aaf5d2122387b4fea26cfca79105db9980b Mon Sep 17 00:00:00 2001
From: mitchell-liatrio
Date: Thu, 23 May 2024 14:58:43 -0500
Subject: [PATCH] chore: add vulnerable code

---
 .../PostController.java | 20 ++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/liatrio/dojo/devopsknowledgeshareapi/PostController.java b/src/main/java/com/liatrio/dojo/devopsknowledgeshareapi/PostController.java
index 1fb7569..38d7409 100644
--- a/src/main/java/com/liatrio/dojo/devopsknowledgeshareapi/PostController.java
+++ b/src/main/java/com/liatrio/dojo/devopsknowledgeshareapi/PostController.java
@@ -21,19 +21,33 @@ public PostController(PostRepository repository) {
 
     @GetMapping("/posts")
     public Collection posts() {
-        log.info("{}: recieved a GET request", deploymentType);
+        log.info("{}: received a GET request", deploymentType);
         return repository.findAll().stream().collect(Collectors.toList());
     }
 
     @PostMapping("/posts")
     public Post post(@RequestBody Post post, HttpServletResponse resp) {
-        log.info("{}: recieved a POST request", deploymentType);
+        log.info("{}: received a POST request", deploymentType);
         return repository.save(post);
     }
 
     @DeleteMapping("/posts/{id}")
     public void deletePost(@PathVariable("id") String id) {
-        log.info("{}: recieved a DELETE request", deploymentType);
+        log.info("{}: received a DELETE request", deploymentType);
         repository.deleteById(Long.parseLong(id));
     }
+
+    @GetMapping("/posts/{id}")
+    public Post getPostById(@PathVariable("id") String id) {
+        log.info("{}: received a GET request for post with id {}", deploymentType, id);
+        return repository.findById(Long.parseLong(id)).orElse(null);
+    }
+
+    @GetMapping("/posts/search")
+    public Collection searchPosts(@RequestParam("query") String query) {
+        log.info("{}: received a GET request to search posts with query: {}", deploymentType, query);
+        // WARNING: This code is vulnerable to SQL injection
+        String sql = "SELECT * FROM posts WHERE title LIKE '%" + query + "%'";
+        return repository.search(sql);
+    }
 }
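Review bot: searchPosts concatenates the unvalidated `query` request parameter straight into a LIKE clause, so the statement handed to `repository.search(sql)` is caller-controlled, exactly as the WARNING comment above it says; the remedy is a bound parameter instead of a built string. With Spring Data the body collapses to `return repository.findByTitleContaining(query);` backed by `Collection<Post> findByTitleContaining(String title);` on PostRepository, which binds the value and removes the hand-written `sql` local entirely. The declaration of `search` on PostRepository is outside this hunk, so how it executes the string cannot be checked here. Separately, `getPostById` ends in `orElse(null)`, which answers an unknown id with a 200 and an empty body rather than a 404, and both new endpoints let `Long.parseLong` throw on a non-numeric id, as the existing deletePost already does.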