Add secure implementation level 4 for BlindSQLInjectionVulneravility

SasanLabs · imertetsu · Oct 1, 2024 · Oct 1, 2024 · Oct 1, 2024 · Oct 2, 2024
commit 792a7c8763bc22340091af9fdad70dc639a701e9
diff --git a/...java/org/sasanlabs/service/vulnerability/sqlInjection/BlindSQLInjectionVulnerability.java b/...java/org/sasanlabs/service/vulnerability/sqlInjection/BlindSQLInjectionVulnerability.java
@@ -106,4 +106,32 @@ public ResponseEntity<String> getCarInformationLevel3(
                             ErrorBasedSQLInjectionVulnerability.CAR_IS_NOT_PRESENT_RESPONSE);
                 });
     }
+
+    //Input Validation - Ensure that the input data is valid and of the expected type.
+    @VulnerableAppRequestMapping(
+            value = LevelConstants.LEVEL_4,
+            variant = Variant.SECURE,
+            htmlTemplate = "LEVEL_1/SQLInjection_Level1")
+    public ResponseEntity<String> getCarInformationLevel4(
+            @RequestParam Map<String, String> queryParams) {
+        String id = queryParams.get(Constants.ID);
+
+        // Validate numeric ID
+        if (!id.matches("\\d+")) {
+            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid ID format.");
+        }
+
+        BodyBuilder bodyBuilder = ResponseEntity.status(HttpStatus.OK);
+        bodyBuilder.body(ErrorBasedSQLInjectionVulnerability.CAR_IS_NOT_PRESENT_RESPONSE);
+        return applicationJdbcTemplate.query(
+                "select * from cars where id=" + id,
+                (rs) -> {
+                    if (rs.next()) {
+                        return bodyBuilder.body(CAR_IS_PRESENT_RESPONSE);
+                    }
+                    return bodyBuilder.body(
+                            ErrorBasedSQLInjectionVulnerability.CAR_IS_NOT_PRESENT_RESPONSE);
+                });
+    }
+
 }