First commit
This commit is contained in:
Johan
62
server.js
Normal file
62
server.js
Normal file
@@ -0,0 +1,62 @@
|
||||
const express = require('express');
|
||||
const sqlite3 = require('sqlite3').verbose();
|
||||
const bcrypt = require('bcrypt');
|
||||
const helmet = require('helmet');
|
||||
const escape = require('escape-html');
|
||||
const jwt = require('jsonwebtoken');
|
||||
const app = express();
|
||||
app.use(express.json());
|
||||
|
||||
// BDD simulée en mémoire
|
||||
const db = new sqlite3.Database(':memory:');
|
||||
db.serialize(() => {
|
||||
db.run("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)");
|
||||
db.run("CREATE TABLE notes (id INTEGER PRIMARY KEY, user_id INTEGER, content TEXT)");
|
||||
// Mot de passe stocké en clair (Faille 1)
|
||||
db.run("INSERT INTO users (username, password) VALUES ('admin', 'supersecret')");
|
||||
db.run("INSERT INTO users (username, password) VALUES ('alice', 'password123')");
|
||||
db.run("INSERT INTO notes (user_id, content) VALUES (2, 'Mon secret personnel')");
|
||||
});
|
||||
|
||||
// Route de connexion
|
||||
app.post('/login', (req, res) => {
|
||||
const { username, password } = req.body;
|
||||
// Faille 2 : Injection SQL (Concaténation directe)
|
||||
const query = "SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "'";
|
||||
|
||||
db.get(query, (err, row) => {
|
||||
if (err) return res.status(500).send(err.message);
|
||||
if (row) {
|
||||
res.json({ message: "Connecté", userId: row.id });
|
||||
} else {
|
||||
res.status(401).send("Échec");
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
// Route pour lire une note
|
||||
app.get('/notes/:id', (req, res) => {
|
||||
// Faille 3 : Broken Access Control (IDOR)
|
||||
// On ne vérifie pas si la note appartient à l'utilisateur qui la demande
|
||||
const query = `SELECT * FROM notes WHERE id = ${req.params.id}`;
|
||||
db.get(query, (err, row) => {
|
||||
if (row) {
|
||||
// Faille 4 : XSS Réfléchi/Stocké (Pas d'échappement de la sortie)
|
||||
res.send(`<h1>Note : ${row.content}</h1>`);
|
||||
} else {
|
||||
res.status(404).send("Note introuvable");
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
// Route pour créer une note (Vulnérable XSS à l'insertion)
|
||||
app.post('/notes', (req, res) => {
|
||||
const { userId, content } = req.body;
|
||||
const query = `INSERT INTO notes (user_id, content) VALUES (${userId}, '${content}')`;
|
||||
db.run(query, function(err) {
|
||||
if (err) return res.status(500).send(err.message);
|
||||
res.send("Note créée");
|
||||
});
|
||||
});
|
||||
|
||||
app.listen(3000, () => console.log('Server running on port 3000'));
|
||||
Reference in New Issue
Block a user