Fix code scanning alert #3: Database query built from user-controlled…
… sources

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
BillReyor and github-advanced-security[bot] committed Sep 21, 2024
1 parent e5b35c0 commit 249c93d
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions part2/VulnerableAppTwo/src/VulnerableAppTwo.js
Expand Up @@ -29,8 +29,8 @@ app.post('/api/submit', (req, res) => {
// Route: SQL (NoSQL) Injection
app.post('/api/login', async (req, res) => {
const { username, password } = req.body;
// Unsafe query
const user = await User.findOne({ username: username, password: password });
// Safe query using $eq operator
const user = await User.findOne({ username: { $eq: username }, password: { $eq: password } });
if (user) {
res.send('Login successful');
} else {
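Review bot: In the `/api/login` handler, `username` and `password` still go from `req.body` into `User.findOne` with no type check, so the `$eq` wrapper is the only thing standing between a non-string body value and the query. Consider rejecting the request before the query when either field is not a string, for example `if (typeof username !== 'string' || typeof password !== 'string') return res.status(400).send('Invalid input');`, and keep `$eq` as a second layer. Separately, matching `password: { $eq: password }` inside the query means the submitted password is compared directly with the stored field; looking the user up by `username` alone and then verifying a password hash would remove the password from the query entirely. The comment `// Safe query using $eq operator` could also say what it guards against (operator objects supplied in the request body) so the reason for the wrapper survives later edits.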