
test#36

Open
sa-ny wants to merge 6 commits into main from at_test


@sa-ny
Owner

@sa-ny sa-ny commented Feb 26, 2026

No description provided.

@github-actions

Caution

Breaking Flaws identified in code!

Fixes for application/views/userController.py:
Flaws found for this file:
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 588 for issue 1061
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 199 for issue 1016
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 709 for issue 1046
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 113 for issue 1025
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 201 for issue 1035

Fix suggestions:

--- application/views/userController.py
+++ application/views/userController.py
@@ -196,9 +196,9 @@
                 formatString = "Username '" + username + "' has password: {}"
                 hint = formatString.format(password[:2] + ("*" * (len(password) - 2)))
                 logger.info(hint)
-                return HttpResponse(escape(hint))
+                return escape(HttpResponse(escape(hint)))
             else:
-                return HttpResponse(escape("No password found for " + username))
+                return HttpResponse(escape(escape("No password found for " + username)))
     except DatabaseError as db_err:
             logger.error("Database error", db_err)
             return HttpResponse("ERROR!") 
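Review bot: `escape(HttpResponse(escape(hint)))` on the first added line escapes the response object rather than its body: assuming `escape` is `django.utils.html.escape`, it returns `str(response)` as a string, so the view no longer returns an `HttpResponse` at all. The second added line double-escapes the text, so an `&` in the username would render as `&amp;amp;`; escaping the content once, as the removed lines already did, is the correct amount and the scanner finding is not addressed by nesting more calls. Separately, `hint` embeds `password[:2]` and is written to the log at `logger.info(hint)` before either return, so changing the response escaping does not change what that function discloses; the enclosing function starts outside the hunk. The same hunk is repeated verbatim in two later bot comments on this page.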
@@ -585,7 +585,8 @@
             logger.info("Preparing the update Prepared Statement")
             update = "UPDATE users SET real_name='%s', blab_name='%s' WHERE username='%s';"
             logger.info("Executing the update Prepared Statement")
-            cursor.execute(update % (realName, blabName, sessionUsername), (realName, blabName, sessionUsername))
+            update = "UPDATE users SET real_name=:realName, blab_name=:blabName WHERE username=:username"
+            cursor.execute(update, {"realName": realName, "blabName": blabName, "username": sessionUsername})
             updateResult = cursor.fetchone()
 
             # If there is a record...
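Review bot: The `:realName`-style placeholders with a dict on the second added line depend on the underlying driver's named paramstyle; Django's DB-API cursor documents `%s` placeholders, so this form may work where the driver accepts `:name` (sqlite3 does) and fail on `%s`-based drivers, while the page's own blabController hunk uses `%s` with a tuple. Prefer `update = "UPDATE users SET real_name=%s, blab_name=%s WHERE username=%s"` with `cursor.execute(update, (realName, blabName, sessionUsername))`, and replace the old format string at `update = "UPDATE users SET real_name='%s', ...` instead of leaving it as a dead assignment two lines above the new one. `cursor.fetchone()` after an UPDATE is unchanged by the commit, but whether it returns `None` or raises is driver-dependent, so `cursor.rowcount` is the portable way to check the update took effect. The enclosing function starts and ends outside the hunk; the same hunk is repeated verbatim in three later bot comments on this page.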
@@ -706,7 +707,7 @@
                 if mime_type is None:
                     mime_type = "application/octet-stream"
                 logger.info("MIME type: " + mime_type)
-                response = HttpResponse(file.read(), content_type=mime_type)
+                response = escape(HttpResponse(file.read(), content_type=mime_type))
                 response.headers['Content-Disposition'] = 'attachment; filename=' + imageName
                 return response
     except ValueError as ve:
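Review bot: `escape(HttpResponse(file.read(), content_type=mime_type))` on the added line turns `response` into a string, so the next line's `response.headers[...]` raises `AttributeError` and the download breaks; HTML-escaping is also the wrong control for a file body, since it would corrupt any non-HTML content. The CWE-80 finding here concerns serving user-supplied content that a browser might render; the existing `Content-Disposition: attachment` header is the relevant control, complemented by `response.headers['X-Content-Type-Options'] = 'nosniff'` so the body is never sniffed as HTML. `imageName` is concatenated unquoted into the header value; if it derives from request input, validate it against the expected filename charset or quote it before use. The enclosing function starts and ends outside the hunk; this hunk is repeated verbatim in a later bot comment on this page.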

@github-actions

Caution

Breaking Flaws identified in code!

Fixes for application/views/userController.py:
Flaws found for this file:
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 588 for issue 1060
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 199 for issue 1016
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 113 for issue 1025
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 201 for issue 1035

Fix suggestions:

--- application/views/userController.py
+++ application/views/userController.py
@@ -196,9 +196,9 @@
                 formatString = "Username '" + username + "' has password: {}"
                 hint = formatString.format(password[:2] + ("*" * (len(password) - 2)))
                 logger.info(hint)
-                return HttpResponse(escape(hint))
+                return escape(HttpResponse(escape(hint)))
             else:
-                return HttpResponse(escape("No password found for " + username))
+                return HttpResponse(escape(escape("No password found for " + username)))
     except DatabaseError as db_err:
             logger.error("Database error", db_err)
             return HttpResponse("ERROR!") 
@@ -585,7 +585,8 @@
             logger.info("Preparing the update Prepared Statement")
             update = "UPDATE users SET real_name='%s', blab_name='%s' WHERE username='%s';"
             logger.info("Executing the update Prepared Statement")
-            cursor.execute(update % (realName, blabName, sessionUsername), (realName, blabName, sessionUsername))
+            update = "UPDATE users SET real_name=:realName, blab_name=:blabName WHERE username=:username"
+            cursor.execute(update, {"realName": realName, "blabName": blabName, "username": sessionUsername})
             updateResult = cursor.fetchone()
 
             # If there is a record...

@github-actions

Caution

Breaking Flaws identified in code!

Fixes for application/views/resetController.py:
Flaws found for this file:
CWE 331 - Insufficient Entropy - Severity 3 on line 112 for issue 1005
CWE 331 - Insufficient Entropy - Severity 3 on line 155 for issue 1008
CWE 331 - Insufficient Entropy - Severity 3 on line 130 for issue 1006
CWE 331 - Insufficient Entropy - Severity 3 on line 150 for issue 1007

Fix suggestions:

--- application/views/resetController.py
+++ application/views/resetController.py
@@ -110,4 +110,5 @@
                     for listener in users[2:]:
                         rand = random.SystemRandom()
+                        rand = random.SystemRandom()
                         if rand.choice([False, True]) and (blabber!= listener):
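Review bot: The added `rand = random.SystemRandom()` re-assigns a name that the preceding context line already binds to a `SystemRandom`, so the change is a no-op that leaves two identical statements; the next hunk adds the same duplicate, and the third hunk inlines `random.SystemRandom().randint(...)` while leaving the `rand = random.SystemRandom()` on the line above it unused. One instance per function is enough: keep a single `rand = random.SystemRandom()` before the loops and drop the copies. The third hunk also deletes the explanatory comments on the `count` and `randomUserOffset` lines; the removed `# between 0 and 6` was wrong (`randint(0, 5)` includes 5, so the range is 0 to 5), but the note on why the offset bounds are `2` and `len(users)-1` is worth keeping. This looks like test-data generation, so `SystemRandom` is harmless here but does not change any security property; the enclosing loops start outside each hunk.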
                             
@@ -127,4 +128,5 @@
                 for blabContent in blabsContent:
                     # Get the array offset for a random user
+                    rand = random.SystemRandom()
                     rand = random.SystemRandom()
                     randomUserOffset = rand.randint(2, len(users) - 1)
@@ -148,10 +150,11 @@
                     # Add a random number of comment
                     rand = random.SystemRandom()
-                    count = rand.randint(0, 5) # between 0 and 6
+                    rand = random.SystemRandom()
+                    count = rand.randint(0, 5)
 
                     for j in range(count) :
                         # Get the array offset for a random user
                         rand = random.SystemRandom()
-                        randomUserOffset = rand.randint(2, len(users)-1) #removed +1 cause no admin,  removed -2 because no admin and inclusive.
+                        randomUserOffset = random.SystemRandom().randint(2, len(users)-1)
                         username = users[randomUserOffset].username
 

@github-actions

Caution

Breaking Flaws identified in code!

Fixes for application/views/userController.py:
Flaws found for this file:
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 588 for issue 1061
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 199 for issue 1016
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 113 for issue 1025
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 709 for issue 1046
CWE 80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - Severity 3 on line 201 for issue 1035

Fix suggestions:

--- application/views/userController.py
+++ application/views/userController.py
@@ -196,9 +196,9 @@
                 formatString = "Username '" + username + "' has password: {}"
                 hint = formatString.format(password[:2] + ("*" * (len(password) - 2)))
                 logger.info(hint)
-                return HttpResponse(escape(hint))
+                return escape(HttpResponse(escape(hint)))
             else:
-                return HttpResponse(escape("No password found for " + username))
+                return HttpResponse(escape(escape("No password found for " + username)))
     except DatabaseError as db_err:
             logger.error("Database error", db_err)
             return HttpResponse("ERROR!") 
@@ -585,7 +585,8 @@
             logger.info("Preparing the update Prepared Statement")
             update = "UPDATE users SET real_name='%s', blab_name='%s' WHERE username='%s';"
             logger.info("Executing the update Prepared Statement")
-            cursor.execute(update % (realName, blabName, sessionUsername), (realName, blabName, sessionUsername))
+            update = "UPDATE users SET real_name=:realName, blab_name=:blabName WHERE username=:username"
+            cursor.execute(update, {"realName": realName, "blabName": blabName, "username": sessionUsername})
             updateResult = cursor.fetchone()
 
             # If there is a record...
@@ -706,7 +707,7 @@
                 if mime_type is None:
                     mime_type = "application/octet-stream"
                 logger.info("MIME type: " + mime_type)
-                response = HttpResponse(file.read(), content_type=mime_type)
+                response = escape(HttpResponse(file.read(), content_type=mime_type))
                 response.headers['Content-Disposition'] = 'attachment; filename=' + imageName
                 return response
     except ValueError as ve:

@github-actions

Caution

Breaking Flaws identified in code!

Fixes for application/views/blabController.py:
Flaws found for this file:
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 257 for issue 1014
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 211 for issue 1054

Fix suggestions:

--- application/views/blabController.py
+++ application/views/blabController.py
@@ -208,7 +208,7 @@
 
                     # Get comments
                     logger.info("Executing query to get all comments")
-                    cursor.execute(blabCommentsSql % (blabid,))
+                    cursor.execute(blabCommentsSql, (blabid, ))
                     blabCommentsResults = cursor.fetchall()
 
                     comments = []
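Review bot: `cursor.execute(blabCommentsSql, (blabid, ))` on the added line is only a fix if `blabCommentsSql`, which is defined outside the hunk, contains a bare `%s` placeholder; if that string still carries the quoted `'%s'` it needed for `%` formatting, the parameter will not bind as intended, and if it has no placeholder at all the driver will reject the extra parameter. Check the definition and make it read `... WHERE blabid = %s` with no surrounding quotes, matching the tuple form used here. The enclosing function starts and ends outside the hunk; this hunk is repeated verbatim in a later bot comment on this page.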
@@ -254,7 +254,8 @@
             with connection.cursor() as cursor:
 
                 logger.info("Executing addComment")
-                cursor.execute(addCommentSql % (blabid, username, comment, moment.now().format("YYYY-MM-DD hh:mm:ss")))
+                addCommentSql = "INSERT INTO comments (blabid, blabber, content, timestamp) values (%s, %s, %s, %s);"
+                cursor.execute(addCommentSql, (blabid, username, comment, moment.now().format("YYYY-MM-DD hh:mm:ss")))
                 
                 if not cursor.rowcount:
                     request.error = "Failed to add comment"
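Review bot: The added `addCommentSql = "INSERT INTO comments (blabid, blabber, content, timestamp) values (%s, %s, %s, %s);"` is the right shape for a parameterized insert, but it rebinds a name the removed line was already using, so the original definition elsewhere in the file becomes dead while still reading as the query a maintainer would edit; move the parameterized string to that definition instead of redefining it beside the `execute`. The `cursor.rowcount` check below is unchanged and remains the right success test for this statement. The enclosing function starts and ends outside the hunk; this hunk is repeated verbatim in a later bot comment on this page.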

@github-actions

Caution

Breaking Flaws identified in code!

Fixes for application/fortune/fortuneData.py:
Flaws found for this file:
CWE 331 - Insufficient Entropy - Severity 3 on line 105 for issue 1002
CWE 331 - Insufficient Entropy - Severity 3 on line 160 for issue 1003

Fix suggestions:

--- application/fortune/fortuneData.py
+++ application/fortune/fortuneData.py
@@ -102,7 +102,8 @@
             "Happy life is just in front of you." 
         ]
 
-        return random.choice(fortunes)
+        rand = random.SystemRandom()
+        return rand.choice(fortunes)
 
 
 def RiddleData():
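Review bot: `random.SystemRandom()` on the added lines is constructed on every call just to pick a display string; if the CSPRNG is kept, create one module-level instance next to the imports, `_rand = random.SystemRandom()`, and use `return _rand.choice(fortunes)`. Nothing in this hunk shows the chosen value feeding a token, password or session identifier, so the CWE-331 finding appears to be a false positive for this function; a comment such as `# not security-sensitive: cosmetic choice of display text` on the return line records that judgement for the next scan. The enclosing function starts outside the hunk.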

@github-actions

Caution

Breaking Flaws identified in code!

Fixes for application/views/blabController.py:
Flaws found for this file:
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 211 for issue 1053
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 257 for issue 1014

Fix suggestions:

--- application/views/blabController.py
+++ application/views/blabController.py
@@ -208,7 +208,7 @@
 
                     # Get comments
                     logger.info("Executing query to get all comments")
-                    cursor.execute(blabCommentsSql % (blabid,))
+                    cursor.execute(blabCommentsSql, (blabid, ))
                     blabCommentsResults = cursor.fetchall()
 
                     comments = []
@@ -254,7 +254,8 @@
             with connection.cursor() as cursor:
 
                 logger.info("Executing addComment")
-                cursor.execute(addCommentSql % (blabid, username, comment, moment.now().format("YYYY-MM-DD hh:mm:ss")))
+                addCommentSql = "INSERT INTO comments (blabid, blabber, content, timestamp) values (%s, %s, %s, %s);"
+                cursor.execute(addCommentSql, (blabid, username, comment, moment.now().format("YYYY-MM-DD hh:mm:ss")))
                 
                 if not cursor.rowcount:
                     request.error = "Failed to add comment"

@github-actions

Caution

Breaking Flaws identified in code!

Fixes for application/views/userController.py:
Flaws found for this file:
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 588 for issue 1060
CWE 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Severity 4 on line 113 for issue 1025

Fix suggestions:

--- application/views/userController.py
+++ application/views/userController.py
@@ -585,7 +585,8 @@
             logger.info("Preparing the update Prepared Statement")
             update = "UPDATE users SET real_name='%s', blab_name='%s' WHERE username='%s';"
             logger.info("Executing the update Prepared Statement")
-            cursor.execute(update % (realName, blabName, sessionUsername), (realName, blabName, sessionUsername))
+            update = "UPDATE users SET real_name=:realName, blab_name=:blabName WHERE username=:username"
+            cursor.execute(update, {"realName": realName, "blabName": blabName, "username": sessionUsername})
             updateResult = cursor.fetchone()
 
             # If there is a record...
