
Commit a8a0bb4

committed
Move existing CQL Injection test case to old/
1 parent 908a572 commit a8a0bb4

3 files changed

+139
-0
lines changed

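--- a/PATH_NOT_SHOWN_expected_output
+++ b/PATH_NOT_SHOWN_expected_output
@@ -0,0 +1,88 @@
+WARNING: module 'PathGraph' has been deprecated and may be removed in future (CqlInjection.ql:14,8-27)
+WARNING: type 'Configuration' has been deprecated and may be removed in future (CqlInjection.ql:19,33-61)
+WARNING: type 'PathNode' has been deprecated and may be removed in future (CqlInjection.ql:46,29-47)
+WARNING: type 'PathNode' has been deprecated and may be removed in future (CqlInjection.ql:46,56-74)
+nodes
+| cqlinjection.js:7:34:7:36 | req |
+| cqlinjection.js:7:34:7:36 | req |
+| cqlinjection.js:8:13:8:30 | { book, quantity } |
+| cqlinjection.js:8:13:8:41 | book |
+| cqlinjection.js:8:15:8:18 | book |
+| cqlinjection.js:8:34:8:36 | req |
+| cqlinjection.js:8:34:8:41 | req.data |
+| cqlinjection.js:12:11:12:56 | query |
+| cqlinjection.js:12:19:12:56 | SELECT. ... book}`) |
+| cqlinjection.js:12:44:12:55 | `ID=${book}` |
+| cqlinjection.js:12:50:12:53 | book |
+| cqlinjection.js:13:36:13:40 | query |
+| cqlinjection.js:13:36:13:40 | query |
+| cqlinjection.js:15:27:15:64 | SELECT. ... book}`) |
+| cqlinjection.js:15:27:15:64 | SELECT. ... book}`) |
+| cqlinjection.js:15:52:15:63 | `ID=${book}` |
+| cqlinjection.js:15:58:15:61 | book |
+| cqlinjection.js:17:11:17:57 | query2 |
+| cqlinjection.js:17:20:17:57 | SELECT. ... + book) |
+| cqlinjection.js:17:45:17:56 | 'ID=' + book |
+| cqlinjection.js:17:53:17:56 | book |
+| cqlinjection.js:18:37:18:42 | query2 |
+| cqlinjection.js:18:37:18:42 | query2 |
+| cqlinjection.js:20:27:20:64 | SELECT. ... + book) |
+| cqlinjection.js:20:27:20:64 | SELECT. ... + book) |
+| cqlinjection.js:20:52:20:63 | 'ID=' + book |
+| cqlinjection.js:20:60:20:63 | book |
+| cqlinjection.js:27:11:27:62 | cqn |
+| cqlinjection.js:27:17:27:62 | CQL`SEL ... + book |
+| cqlinjection.js:27:59:27:62 | book |
+| cqlinjection.js:28:39:28:41 | cqn |
+| cqlinjection.js:28:39:28:41 | cqn |
+| cqlinjection.js:30:11:30:60 | cqn1 |
+| cqlinjection.js:30:18:30:60 | cds.par ... + book) |
+| cqlinjection.js:30:32:30:59 | `SELECT ... + book |
+| cqlinjection.js:30:56:30:59 | book |
+| cqlinjection.js:31:39:31:42 | cqn1 |
+| cqlinjection.js:31:39:31:42 | cqn1 |
+edges
+| cqlinjection.js:7:34:7:36 | req | cqlinjection.js:8:34:8:36 | req |
+| cqlinjection.js:7:34:7:36 | req | cqlinjection.js:8:34:8:36 | req |
+| cqlinjection.js:8:13:8:30 | { book, quantity } | cqlinjection.js:8:15:8:18 | book |
+| cqlinjection.js:8:13:8:41 | book | cqlinjection.js:12:50:12:53 | book |
+| cqlinjection.js:8:13:8:41 | book | cqlinjection.js:15:58:15:61 | book |
+| cqlinjection.js:8:13:8:41 | book | cqlinjection.js:17:53:17:56 | book |
+| cqlinjection.js:8:13:8:41 | book | cqlinjection.js:20:60:20:63 | book |
+| cqlinjection.js:8:13:8:41 | book | cqlinjection.js:27:59:27:62 | book |
+| cqlinjection.js:8:13:8:41 | book | cqlinjection.js:30:56:30:59 | book |
+| cqlinjection.js:8:15:8:18 | book | cqlinjection.js:8:13:8:41 | book |
+| cqlinjection.js:8:34:8:36 | req | cqlinjection.js:8:34:8:41 | req.data |
+| cqlinjection.js:8:34:8:41 | req.data | cqlinjection.js:8:13:8:30 | { book, quantity } |
+| cqlinjection.js:12:11:12:56 | query | cqlinjection.js:13:36:13:40 | query |
+| cqlinjection.js:12:11:12:56 | query | cqlinjection.js:13:36:13:40 | query |
+| cqlinjection.js:12:19:12:56 | SELECT. ... book}`) | cqlinjection.js:12:11:12:56 | query |
+| cqlinjection.js:12:44:12:55 | `ID=${book}` | cqlinjection.js:12:19:12:56 | SELECT. ... book}`) |
+| cqlinjection.js:12:50:12:53 | book | cqlinjection.js:12:44:12:55 | `ID=${book}` |
+| cqlinjection.js:15:52:15:63 | `ID=${book}` | cqlinjection.js:15:27:15:64 | SELECT. ... book}`) |
+| cqlinjection.js:15:52:15:63 | `ID=${book}` | cqlinjection.js:15:27:15:64 | SELECT. ... book}`) |
+| cqlinjection.js:15:58:15:61 | book | cqlinjection.js:15:52:15:63 | `ID=${book}` |
+| cqlinjection.js:17:11:17:57 | query2 | cqlinjection.js:18:37:18:42 | query2 |
+| cqlinjection.js:17:11:17:57 | query2 | cqlinjection.js:18:37:18:42 | query2 |
+| cqlinjection.js:17:20:17:57 | SELECT. ... + book) | cqlinjection.js:17:11:17:57 | query2 |
+| cqlinjection.js:17:45:17:56 | 'ID=' + book | cqlinjection.js:17:20:17:57 | SELECT. ... + book) |
+| cqlinjection.js:17:53:17:56 | book | cqlinjection.js:17:45:17:56 | 'ID=' + book |
+| cqlinjection.js:20:52:20:63 | 'ID=' + book | cqlinjection.js:20:27:20:64 | SELECT. ... + book) |
+| cqlinjection.js:20:52:20:63 | 'ID=' + book | cqlinjection.js:20:27:20:64 | SELECT. ... + book) |
+| cqlinjection.js:20:60:20:63 | book | cqlinjection.js:20:52:20:63 | 'ID=' + book |
+| cqlinjection.js:27:11:27:62 | cqn | cqlinjection.js:28:39:28:41 | cqn |
+| cqlinjection.js:27:11:27:62 | cqn | cqlinjection.js:28:39:28:41 | cqn |
+| cqlinjection.js:27:17:27:62 | CQL`SEL ... + book | cqlinjection.js:27:11:27:62 | cqn |
+| cqlinjection.js:27:59:27:62 | book | cqlinjection.js:27:17:27:62 | CQL`SEL ... + book |
+| cqlinjection.js:30:11:30:60 | cqn1 | cqlinjection.js:31:39:31:42 | cqn1 |
+| cqlinjection.js:30:11:30:60 | cqn1 | cqlinjection.js:31:39:31:42 | cqn1 |
+| cqlinjection.js:30:18:30:60 | cds.par ... + book) | cqlinjection.js:30:11:30:60 | cqn1 |
+| cqlinjection.js:30:32:30:59 | `SELECT ... + book | cqlinjection.js:30:18:30:60 | cds.par ... + book) |
+| cqlinjection.js:30:56:30:59 | book | cqlinjection.js:30:32:30:59 | `SELECT ... + book |
+#select
+| cqlinjection.js:13:36:13:40 | query | cqlinjection.js:7:34:7:36 | req | cqlinjection.js:13:36:13:40 | query | This query depends on a $@. | cqlinjection.js:7:34:7:36 | req | user-provided value |
+| cqlinjection.js:15:27:15:64 | SELECT. ... book}`) | cqlinjection.js:7:34:7:36 | req | cqlinjection.js:15:27:15:64 | SELECT. ... book}`) | This query depends on a $@. | cqlinjection.js:7:34:7:36 | req | user-provided value |
+| cqlinjection.js:18:37:18:42 | query2 | cqlinjection.js:7:34:7:36 | req | cqlinjection.js:18:37:18:42 | query2 | This query depends on a $@. | cqlinjection.js:7:34:7:36 | req | user-provided value |
+| cqlinjection.js:20:27:20:64 | SELECT. ... + book) | cqlinjection.js:7:34:7:36 | req | cqlinjection.js:20:27:20:64 | SELECT. ... + book) | This query depends on a $@. | cqlinjection.js:7:34:7:36 | req | user-provided value |
+| cqlinjection.js:28:39:28:41 | cqn | cqlinjection.js:7:34:7:36 | req | cqlinjection.js:28:39:28:41 | cqn | This query depends on a $@. | cqlinjection.js:7:34:7:36 | req | user-provided value |
+| cqlinjection.js:31:39:31:42 | cqn1 | cqlinjection.js:7:34:7:36 | req | cqlinjection.js:31:39:31:42 | cqn1 | This query depends on a $@. | cqlinjection.js:7:34:7:36 | req | user-provided value |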
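--- a/PATH_NOT_SHOWN_cqlinjection.js
+++ b/PATH_NOT_SHOWN_cqlinjection.js
@@ -0,0 +1,50 @@
+import cds from '@sap/cds'
+const { Books } = cds.entities('sap.capire.bookshop')
+
+class SampleVulnService extends cds.ApplicationService {
+init() {
+// contains a sample CQL injection
+this.on('submitOrder', async req => {
+const { book, quantity } = req.data
+
+let { stock } = await SELECT`stock`.from(Books, book)
+
+let query = SELECT.from`Books`.where(`ID=${book}`)
+let books = await cds.db.run(query) // CQL injection alert
+
+let books11 = await SELECT.from`Books`.where(`ID=${book}`) // CQL injection alert
+
+let query2 = SELECT.from`Books`.where('ID=' + book)
+let books2 = await cds.db.run(query2) // CQL injection alert
+
+let books22 = await SELECT.from`Books`.where('ID=' + book) // CQL injection alert
+
+let books3 = await SELECT.from`Books`.where`ID=${book}` //safe
+
+let id = 2
+let books33 = await SELECT.from`Books`.where('ID=' + id) //safe
+
+let cqn = CQL`SELECT col1, col2, col3 from Books` + book
+let books222 = await cds.db.run(cqn) // CQL injection alert
+
+let cqn1 = cds.parse.cql(`SELECT * from Books` + book)
+let books111 = await cds.db.run(cqn1) // CQL injection alert
+
+const pg = require("pg"),
+pool = new pg.Pool(config);
+pool.query(req.params.category, [], function (err, results) { // non-CQL injection alert from CAP source
+// process results
+});
+
+const app = require("express")();
+app.get("search", function handler(req2, res) {
+pool.query(req2.params.category, [], function (err, results) { // non-CQL injection alert from non-CAP source
+// process results
+});
+});
+
+return super.init()
+})
+}
+}
+export { SampleVulnService }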
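Review bot: `return super.init()` on new line 46 is placed inside the `submitOrder` async arrow callback (closed by the `})` on line 47), not in `init()` itself, so the base `init()` is only invoked when the handler fires and `init()` returns undefined; swap the two lines so the callback closes first: `})` then `return super.init()` then `}`. The `// CQL injection alert` and `//safe` markers on lines 13–31 match the six `#select` rows in the expected output, which is good, but the `// non-CQL injection alert` comments on lines 35 and 41 have no corresponding row here and would benefit from a comment naming which query is expected to report them. Line 34 references `config` without declaring it and lines 33 and 39 use `require` in a file that starts with `import`; if this is deliberate for a static-analysis fixture, a one-line comment such as `// fixture only: config/require are intentionally undeclared and not meant to run` would save the next reader from treating it as a defect.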
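--- a/PATH_NOT_SHOWN_qlref
+++ b/PATH_NOT_SHOWN_qlref
@@ -0,0 +1 @@
+cqlinjection/CqlInjection.ql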
