johanleroy/ENI-JSAdvanced_13
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a2a11197a96166160b8b525391a7dc755819a6bb
ENI-JSAdvanced_13/server.js
Johan a2a11197a9 First commit
2025-12-18 15:27:04 +01:00

62 lines
2.2 KiB
JavaScript
Raw Blame History

const express = require('express');
const sqlite3 = require('sqlite3').verbose();
const bcrypt = require('bcrypt');
const helmet = require('helmet');
const escape = require('escape-html');
const jwt = require('jsonwebtoken');
const app = express();
app.use(express.json());
// BDD simulée en mémoire
const db = new sqlite3.Database(':memory:');
db.serialize(() => {
db.run("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)");
db.run("CREATE TABLE notes (id INTEGER PRIMARY KEY, user_id INTEGER, content TEXT)");
// Mot de passe stocké en clair (Faille 1)
db.run("INSERT INTO users (username, password) VALUES ('admin', 'supersecret')");
db.run("INSERT INTO users (username, password) VALUES ('alice', 'password123')");
db.run("INSERT INTO notes (user_id, content) VALUES (2, 'Mon secret personnel')");
});
// Route de connexion
app.post('/login', (req, res) => {
const { username, password } = req.body;
// Faille 2 : Injection SQL (Concaténation directe)
const query = "SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "'";
db.get(query, (err, row) => {
if (err) return res.status(500).send(err.message);
if (row) {
res.json({ message: "Connecté", userId: row.id });
} else {
res.status(401).send("Échec");
}
});
});
// Route pour lire une note
app.get('/notes/:id', (req, res) => {
// Faille 3 : Broken Access Control (IDOR)
// On ne vérifie pas si la note appartient à l'utilisateur qui la demande
const query = `SELECT * FROM notes WHERE id = ${req.params.id}`;
db.get(query, (err, row) => {
if (row) {
// Faille 4 : XSS Réfléchi/Stocké (Pas d'échappement de la sortie)
res.send(`<h1>Note : ${row.content}</h1>`);
} else {
res.status(404).send("Note introuvable");
}
});
});
// Route pour créer une note (Vulnérable XSS à l'insertion)
app.post('/notes', (req, res) => {
const { userId, content } = req.body;
const query = `INSERT INTO notes (user_id, content) VALUES (${userId}, '${content}')`;
db.run(query, function(err) {
if (err) return res.status(500).send(err.message);
res.send("Note créée");
});
});
app.listen(3000, () => console.log('Server running on port 3000'));
Reference in New Issue View Git Blame Copy Permalink