From 30a1a3e41c197951a43e5dd10775b11ebfff7f65 Mon Sep 17 00:00:00 2001
From: imertetsu
Date: Thu, 31 Oct 2024 18:21:55 -0400
Subject: [PATCH 1/2] Add blindSQL secure implementation level 4
---
 .../BlindSQLInjectionVulnerability.java | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/src/main/java/org/sasanlabs/service/vulnerability/sqlInjection/BlindSQLInjectionVulnerability.java b/src/main/java/org/sasanlabs/service/vulnerability/sqlInjection/BlindSQLInjectionVulnerability.java
index 45bb82e4..ce46e0ad 100644
--- a/src/main/java/org/sasanlabs/service/vulnerability/sqlInjection/BlindSQLInjectionVulnerability.java
+++ b/src/main/java/org/sasanlabs/service/vulnerability/sqlInjection/BlindSQLInjectionVulnerability.java
@@ -14,6 +14,8 @@
 import org.springframework.http.ResponseEntity.BodyBuilder;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.web.bind.annotation.RequestParam;
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
 /**
 * This is the most difficult and slowest attack which is done only if Error Based and Union Based
@@ -29,6 +31,8 @@
 value = "BlindSQLInjectionVulnerability")
 public class BlindSQLInjectionVulnerability {
+ @PersistenceContext
+ private EntityManager entityManager;
 private JdbcTemplate applicationJdbcTemplate;
 static final String CAR_IS_PRESENT_RESPONSE = "{ \"isCarPresent\": true}";
@@ -106,4 +110,31 @@ public ResponseEntity getCarInformationLevel3(
 ErrorBasedSQLInjectionVulnerability.CAR_IS_NOT_PRESENT_RESPONSE);
 });
 }
+ // Input Validation - Ensure that the input data is valid and of the expected type.
+ @VulnerableAppRequestMapping(
+ value = LevelConstants.LEVEL_4,
+ variant = Variant.SECURE,
+ htmlTemplate = "LEVEL_1/SQLInjection_Level1")
+ public ResponseEntity getCarInformationLevel4(
+ @RequestParam Map queryParams) {
+ String id = queryParams.get(Constants.ID);
+
+ // Validate numeric ID
+ if (!id.matches("\\d+")) {
+ return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid ID format.");
+ }
+
+ BodyBuilder bodyBuilder = ResponseEntity.status(HttpStatus.OK);
+ bodyBuilder.body(ErrorBasedSQLInjectionVulnerability.CAR_IS_NOT_PRESENT_RESPONSE);
+ return applicationJdbcTemplate.query(
+ "select * from cars where id=" + id,
+ (rs) -> {
+ if (rs.next()) {
+ return bodyBuilder.body(CAR_IS_PRESENT_RESPONSE);
+ }
+ return bodyBuilder.body(
+ ErrorBasedSQLInjectionVulnerability.CAR_IS_NOT_PRESENT_RESPONSE);
+ });
+ }
+
 }
From 145c1a33a1829f109dba12232174a184c6e5c14f Mon Sep 17 00:00:00 2001
From: imertetsu
Date: Thu, 31 Oct 2024 18:22:30 -0400
Subject: [PATCH 2/2] Add blindSQL secure implementation level 5
---
 .../BlindSQLInjectionVulnerability.java | 27 +++++++++++++++----
 1 file changed, 22 insertions(+), 5 deletions(-)
diff --git a/src/main/java/org/sasanlabs/service/vulnerability/sqlInjection/BlindSQLInjectionVulnerability.java b/src/main/java/org/sasanlabs/service/vulnerability/sqlInjection/BlindSQLInjectionVulnerability.java
index ce46e0ad..c5c809da 100644
--- a/src/main/java/org/sasanlabs/service/vulnerability/sqlInjection/BlindSQLInjectionVulnerability.java
+++ b/src/main/java/org/sasanlabs/service/vulnerability/sqlInjection/BlindSQLInjectionVulnerability.java
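Review bot: The secure Level 4 handler still assembles its statement by concatenation, `"select * from cars where id=" + id`, so the regex on the lines above is the only barrier between the request value and the SQL text; bind it instead, `"select * from cars where id=?"` with `id` passed as the trailing argument of `applicationJdbcTemplate.query`, and keep the `\d+` check as input validation. `queryParams.get(Constants.ID)` is null when the parameter is absent, which makes `id.matches(...)` throw a NullPointerException and the request end in a 500 rather than the intended 400; `if (id == null || !id.matches("\\d+")) {` closes that gap. The `bodyBuilder.body(ErrorBasedSQLInjectionVulnerability.CAR_IS_NOT_PRESENT_RESPONSE);` statement ahead of the query discards its return value and can go. `@RequestParam Map queryParams` is a raw type; `Map<String, String>` matches how it is used.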
@@ -1,6 +1,8 @@
 package org.sasanlabs.service.vulnerability.sqlInjection;
 import java.util.Map;
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
 import org.sasanlabs.internal.utility.LevelConstants;
 import org.sasanlabs.internal.utility.Variant;
 import org.sasanlabs.internal.utility.annotations.AttackVector;
@@ -14,8 +16,6 @@
 import org.springframework.http.ResponseEntity.BodyBuilder;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.web.bind.annotation.RequestParam;
-import javax.persistence.EntityManager;
-import javax.persistence.PersistenceContext;
 /**
 * This is the most difficult and slowest attack which is done only if Error Based and Union Based
@@ -31,8 +31,7 @@
 value = "BlindSQLInjectionVulnerability")
 public class BlindSQLInjectionVulnerability {
- @PersistenceContext
- private EntityManager entityManager;
+ @PersistenceContext private EntityManager entityManager;
 private JdbcTemplate applicationJdbcTemplate;
 static final String CAR_IS_PRESENT_RESPONSE = "{ \"isCarPresent\": true}";
@@ -136,5 +135,23 @@ public ResponseEntity getCarInformationLevel4(
 ErrorBasedSQLInjectionVulnerability.CAR_IS_NOT_PRESENT_RESPONSE);
 });
 }
-
+
+ // Implementation Level 5 - Hibernate
+ @VulnerableAppRequestMapping(
+ value = LevelConstants.LEVEL_5,
+ variant = Variant.SECURE,
+ htmlTemplate = "LEVEL_1/SQLInjection_Level1")
+ public ResponseEntity getCarInformationLevel5(
+ @RequestParam Map queryParams) {
+ int id = Integer.parseInt(queryParams.get(Constants.ID));
+
+ CarInformation car = entityManager.find(CarInformation.class, id);
+
+ if (car != null) {
+ return ResponseEntity.ok(CAR_IS_PRESENT_RESPONSE);
+ } else {
+ return ResponseEntity.status(HttpStatus.NOT_FOUND)
+ .body(ErrorBasedSQLInjectionVulnerability.CAR_IS_NOT_PRESENT_RESPONSE);
+ }
+ }
 }
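Review bot: `int id = Integer.parseInt(queryParams.get(Constants.ID));` throws NumberFormatException for a missing, non-numeric or out-of-range id, so Level 5 answers malformed input with a 500 where Level 4 in the same file returns 400 with "Invalid ID format."; validate the raw value before parsing, as below. No import for `CarInformation` is added by either patch, so `entityManager.find(CarInformation.class, id)` only compiles if the entity lives in this package or is already imported above the hunk — confirm. `@RequestParam Map queryParams` is again a raw type; `Map<String, String>` would fit the `get(Constants.ID)` call. Level 5 also returns 404 where Levels 3 and 4 return 200 with the not-present body; if the templates or tests key off the status, that difference deserves an explicit comment.
```java
    public ResponseEntity getCarInformationLevel5(
            @RequestParam Map queryParams) {
        String rawId = queryParams.get(Constants.ID);
        // Reject missing or non-numeric ids with 400; up to 9 digits always fits in an int.
        if (rawId == null || !rawId.matches("\\d{1,9}")) {
            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid ID format.");
        }
        int id = Integer.parseInt(rawId);
        // … unchanged: entityManager.find and the present / not-present responses …
```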