Create prepared vulnerable code

This commit is contained in:
Bálint Bokros 2017-11-27 18:49:39 +01:00
parent e0d13840f0
commit 327376232d
2 changed files with 27 additions and 0 deletions

View File

@ -0,0 +1,27 @@
import sqlite3
def get_db():
return sqlite3.connect('tutorialpoc.db')
def authorize_login(email, password):
"""
This method checks if a user is authorized and has admin privileges.
:param email: The email address of the user.
:param password: The password of the user.
:return: A tuple, the first element is the email address if the user exists,
and None if they don't; the second element is a boolean, which is True if
the user has admin privileges.
"""
conn = get_db()
sql_statement = '''SELECT email, is_admin FROM users
WHERE email="{}" AND password="{}"'''
# The problem with this approach is that it substitutes any value received
# from the user, even if it is a valid SQL statement!
result = conn.execute(sql_statement.format(email, password)).fetchone()
if result is None:
return None, False
else:
email, is_admin = result
return email, is_admin == 1

Binary file not shown.