This commit is contained in:
GRUPOLKS\m.garcia 2025-03-31 15:32:40 +02:00
parent 9618c1bab9
commit 1dd8755570
2 changed files with 44 additions and 42 deletions


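--- /dev/null
+++ b/MongoDBQueryHandler.java
@@ -0,0 +1,44 @@
+package org.springframework.samples.petclinic.owner;
+import com.mongodb.MongoClient;
+import com.mongodb.client.MongoCollection;
+import com.mongodb.client.MongoDatabase;
+import org.bson.Document;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+public class MongoDBQueryHandler {
+private static final String DB_URL = "localhost"; // Cambia esto según tu
+// configuración
+private static final int DB_PORT = 27017;
+private static final String DB_NAME = "myDatabase";
+public void handleRequest(HttpServletRequest req, HttpServletResponse res) throws IOException {
+String user = req.getParameter("user");
+String city = req.getParameter("city");
+if (user == null || city == null) {
+res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing parameters");
+return;
+}
+try (MongoClient mongoClient = new MongoClient(DB_URL, DB_PORT)) {
+MongoDatabase database = mongoClient.getDatabase(DB_NAME);
+MongoCollection<Document> collection = database.getCollection("users");
+Document query = new Document("user", user).append("city", city);
+for (Document doc : collection.find(query)) {
+System.out.println(doc.toJson()); // Manejar la salida según sea necesario
+}
+}
+catch (Exception e) {
+res.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Database error");
+}
+}
+}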
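Review bot: The `catch (Exception e)` block in handleRequest drops the exception entirely, so any driver, connection or query failure surfaces only as a bare 500 with no record of the cause; log `e` through the project's logger before the `res.sendError(...)` call rather than discarding it. A new `MongoClient` is also opened and closed on every request; the driver treats the client as a long-lived, pooled object, so it should be created once (for example in a constructor or a Spring-managed bean) and reused, with the try-with-resources kept only around the per-request cursor. Every matched document is written to `System.out` via `doc.toJson()` instead of to the response, which sends whatever the `users` collection holds (presumably account data) to the process log while the caller receives an empty 200; either write the result to `res` or drop the print. The class is plain Java with no Spring mapping annotation visible, so it is unclear how it is reached; a class-level Javadoc stating the endpoint it serves would help, and the Spanish inline comments should be English to match the rest of the codebase.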


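--- a/issue.java
+++ /dev/null
@@ -1,42 +0,0 @@
-package org.springframework.samples.petclinic.owner;
-import java.sql.Connection;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-public class issue {
-// Ejemplo de método vulnerable que usa datos de usuario directamente en la consulta
-// SQL
-public ResultSet insecureLogin(Connection connection, String username, String password) throws SQLException {
-String query = "SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "'";
-Statement stmt = connection.createStatement();
-return stmt.executeQuery(query); // SonarQube marcará esto como Blocker
-}
-// Método que expone la vulnerabilidad usando parámetros de request simulados
-public ResultSet searchUsers(Connection connection, String searchTerm) throws SQLException {
-String query = "SELECT * FROM users WHERE name = '" + searchTerm + "'";
-Statement stmt = connection.createStatement();
-return stmt.executeQuery(query); // Vulnerabilidad SQL Injection
-}
-// Uso peligroso con concatenación directa
-public static void main(String[] args) {
-try {
-// Simulación de datos controlados por el usuario
-String userInput = "admin' OR '1'='1";
-String passInput = "fake' OR 'x'='x";
-issue example = new issue();
-ResultSet rs = example.insecureLogin(null, userInput, passInput);
-// ... procesar resultados
-}
-catch (SQLException e) {
-e.printStackTrace();
-}
-}
-}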