mirror of
https://github.com/avatao-content/baseimage-tutorial-framework
synced 2024-12-22 18:01:57 +00:00
Create prepared vulnerable code
This commit is contained in:
parent
e0d13840f0
commit
327376232d
27
src/components/login_component.py
Normal file
27
src/components/login_component.py
Normal file
@ -0,0 +1,27 @@
|
||||
import sqlite3
|
||||
|
||||
|
||||
def get_db():
|
||||
return sqlite3.connect('tutorialpoc.db')
|
||||
|
||||
|
||||
def authorize_login(email, password):
|
||||
"""
|
||||
This method checks if a user is authorized and has admin privileges.
|
||||
:param email: The email address of the user.
|
||||
:param password: The password of the user.
|
||||
:return: A tuple, the first element is the email address if the user exists,
|
||||
and None if they don't; the second element is a boolean, which is True if
|
||||
the user has admin privileges.
|
||||
"""
|
||||
conn = get_db()
|
||||
sql_statement = '''SELECT email, is_admin FROM users
|
||||
WHERE email="{}" AND password="{}"'''
|
||||
# The problem with this approach is that it substitutes any value received
|
||||
# from the user, even if it is a valid SQL statement!
|
||||
result = conn.execute(sql_statement.format(email, password)).fetchone()
|
||||
if result is None:
|
||||
return None, False
|
||||
else:
|
||||
email, is_admin = result
|
||||
return email, is_admin == 1
|
BIN
src/components/tutorialpoc.db
Normal file
BIN
src/components/tutorialpoc.db
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user