Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2025-09-05 17:53:12 +02:00
Code Issues Projects Releases Wiki Activity

poc: sql injection in large resources read model

Browse Source
This commit is contained in:
sjaanus 2024-06-26 22:40:54 +03:00
parent 72de574012
commit 173edfb1c0
No known key found for this signature in database
GPG Key ID: 20E007C0248BA7FF
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/lib/features/metrics/sizes/largest-resources-read-model.test.ts
View File

@ -92,3 +92,19 @@ test('can calculate resource size', async () => {
expect(project.size).toBe(feature1.size + feature2.size); expect(project.size).toBe(feature1.size + feature2.size);
expect(feature1.size).toBeGreaterThan(feature2.size); expect(feature1.size).toBeGreaterThan(feature2.size);
}); });
test('should demonstrate SQL injection vulnerability', async () => {
const maliciousLimit = '1; DROP TABLE feature_strategies; --';
let errorOccurred = false;
try {
await largestResourcesReadModel.getLargestProjectEnvironments(
maliciousLimit,
);
} catch (error) {
errorOccurred = true;
console.log('SQL injection attempt caught:', error.message);
}
expect(errorOccurred).toBe(true);
});