Merge pull request #27 from DefenderK/demo-branch-1
Demo branch 1
DefenderK authored Mar 10, 2024
2 parents a1e7204 + 73e6fec commit 0ea27c7
Showing 2 changed files with 9 additions and 4 deletions.
2 changes: 1 addition & 1 deletion app.js
Expand Up @@ -40,7 +40,7 @@ app.set('view engine', 'ejs');
app.use(logger('dev'));
app.use(methodOverride());
app.use(session({
secret: 'keyboard cat',
// secret: 'keyboard cat',
name: 'connect.sid',
cookie: { path: '/' }
}))
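Review bot: The `session({...})` call appears to be left without a `secret` (the `// secret: 'keyboard cat',` line looks like the new side of this change), and if `session` is express-session the middleware then has nothing to sign the `connect.sid` cookie with and will fail requests unless a secret reaches it some other way. Commenting the literal out also keeps the widely known documentation example value in the source. A per-deployment value read from configuration, `secret: process.env.SESSION_SECRET,`, with a startup check that it is set, would address both. The `require` that identifies the session module is outside this hunk, so the module is inferred rather than confirmed.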
11 changes: 8 additions & 3 deletions routes/index.js
Expand Up @@ -34,6 +34,9 @@ exports.index = function (req, res, next) {
});
};

// Insert new vulnerable code:
/*
exports.loginHandler = function (req, res, next) {
if (validator.isEmail(req.body.username)) {
User.find({ username: req.body.username, password: req.body.password }, function (err, users) {
Expand All @@ -50,8 +53,8 @@ exports.loginHandler = function (req, res, next) {
return res.status(401).send()
}
};
// Insert new vuln
/*
if (validator.isEmail(req.body.username)) {
User.find({ username: req.body.username, password: req.body.password }, function (err, users) {
if (users.length > 0) {
Expand Down Expand Up @@ -203,6 +206,8 @@ exports.create = function (req, res, next) {
});
};

// Insert new vulnerable code:
/*
exports.destroy = function (req, res, next) {
Todo.findById(req.params.id, function (err, todo) {
Expand Down Expand Up @@ -243,7 +248,7 @@ exports.update = function (req, res, next) {
});
});
};

*/
// ** express turns the cookie key to lowercase **
exports.current_user = function (req, res, next) {

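Review bot: The login lookup in `exports.loginHandler` seems to be wrapped in `/* … */` rather than removed, so `User.find({ username: req.body.username, password: req.body.password }, …)` stays in the file one uncomment away from being live. Only `username` is checked (with `validator.isEmail`); `password` goes into the query as received, so if `User` is a MongoDB/Mongoose model a non-string body value would be treated as a query condition instead of being compared as a password, and the lookup suggests passwords are stored in directly comparable form. I would delete the block instead of commenting it out, or, if it is meant to return, add `if (typeof req.body.password !== 'string') return res.status(401).send();` before the lookup and verify against a salted hash. The `/*` openers and the single visible `*/` sit in different hunks whose bodies continue outside the page, so which exports (`loginHandler`, `destroy`, `update`) end up disabled cannot be confirmed from here; any routes still bound to them would need removing as well.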
