Use AddPerson to show problems in that too

tfsjohan · May 5, 2024 · 73b8249 · 73b8249
1 parent 748c0bc
commit 73b8249
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 9 deletions.
diff --git a/Ghas/Controllers/PersonController.cs b/Ghas/Controllers/PersonController.cs
@@ -31,17 +31,28 @@ public ActionResult<Person> UpdateDescription(
         {
             person.Description = description;
             repository.UpdatePerson(person);
+
             return Ok(person);
         }
 
         return NotFound();
     }
 
-    [HttpPost("{id}")]
+    [HttpPut("{id}")]
     public ActionResult<Person> UpdatePerson(
         [FromBody] Person person)
     {
         repository.UpdatePerson(person);
+
+        return Ok(person);
+    }
+
+    [HttpPost("")]
+    public ActionResult<Person> AddPerson(
+        [FromBody] Person person)
+    {
+        repository.AddPerson(person);
+
         return Ok(person);
     }
 }
diff --git a/Ghas/Data/Repository.cs b/Ghas/Data/Repository.cs
@@ -63,14 +63,8 @@ public Person AddPerson(Person person)
 
         connection.Open();
 
-        /*
-         * This is clearly a very bad way to insert data into a database.
-         * It is vulnerable to SQL injection attacks.
-         * Yet, CodeQL does not flag this as a security vulnerability.
-         * This is because CodeQL does not have a built-in taint analysis for SQL queries and Asp.net model binding.
-         * However, CodeQL does have a taint analysis for HTTP requests.
-         * This is why CodeQL is able to detect the SQL injection vulnerability in the Ghas/Controllers/PersonController.cs file.
-         */
+        person.Id = Guid.NewGuid().ToString();
+
         using var command = new SqlCommand(
             $"INSERT INTO Persons (Id, Name, Age, Description) " +
             $"VALUES ('{person.Id}', '{person.Name}', {person.Age}, '{person.Description}')",