
Merge pull request #19 from melanger/fixSQLinjection
fix SQL injection vulnerabilities
vyskocilpavel committed Jul 8, 2019
2 parents 3e94135 + 895456e commit e56b937
Showing 2 changed files with 31 additions and 17 deletions.
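--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@ All notable changes to this project will be documented in this file.
 
 #### Fixed
 - Fixed the syntax of CHANGELOG
+- Fixed SQL injection vulnerability
 
 ## [v3.0.0]
 #### Added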
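--- a/lib/Auth/Process/DatabaseCommand.php
+++ b/lib/Auth/Process/DatabaseCommand.php
@@ -74,8 +74,9 @@ public static function getSpNameBySpIdentifier($identifier)
 $stmt = $conn->prepare(
 "SELECT name " .
 "FROM " . $tableName . " " .
-"WHERE identifier='" . $identifier . "'"
+"WHERE identifier=?"
 );
+$stmt->bind_param('s', $identifier);
 $stmt->execute();
 $result = $stmt->get_result();
 $conn->close();
@@ -91,8 +92,9 @@ public static function getIdPNameByEntityId($idpEntityId)
 $stmt = $conn->prepare(
 "SELECT name " .
 "FROM " . $tableName . " " .
-"WHERE entityId='" . $idpEntityId . "'"
+"WHERE entityId=?"
 );
+$stmt->bind_param('s', $idpEntityId);
 $stmt->execute();
 $result = $stmt->get_result();
 $conn->close();
@@ -118,9 +120,10 @@ public static function getLoginCountPerDay($days)
 "FROM " . $table_name . " " .
 "WHERE service != '' AND " .
 "CONCAT(year,'-',LPAD(month,2,'00'),'-',LPAD(day,2,'00')) " .
-"BETWEEN CURDATE() - INTERVAL " . $days . " DAY AND CURDATE()" .
+"BETWEEN CURDATE() - INTERVAL ? DAY AND CURDATE()" .
 "GROUP BY year DESC,month DESC,day DESC"
 );
+$stmt->bind_param('d', $days);
 }
 $stmt->execute();
 $result = $stmt->get_result();
@@ -145,18 +148,20 @@ public static function getLoginCountPerDayForService($days, $spIdentifier)
 $stmt = $conn->prepare(
 "SELECT year, month, day, SUM(count) AS count " .
 "FROM " . $table_name . " " .
-"WHERE service='" . $spIdentifier . "' " .
+"WHERE service=? " .
 "GROUP BY year DESC,month DESC,day DESC"
 );
+$stmt->bind_param('s', $spIdentifier);
 } else {
 $stmt = $conn->prepare(
 "SELECT year, month, day, SUM(count) AS count " .
 "FROM " . $table_name . " " .
-"WHERE service='" . $spIdentifier . "' " .
+"WHERE service=? " .
 "AND CONCAT(year,'-',LPAD(month,2,'00'),'-',LPAD(day,2,'00')) " .
-"BETWEEN CURDATE() - INTERVAL " . $days . " DAY AND CURDATE() " .
+"BETWEEN CURDATE() - INTERVAL ? DAY AND CURDATE() " .
 "GROUP BY year DESC,month DESC,day DESC"
 );
+$stmt->bind_param('sd', $spIdentifier, $days);
 }
 $stmt->execute();
 $result = $stmt->get_result();
@@ -181,18 +186,20 @@ public static function getLoginCountPerDayForIdp($days, $idpIdentifier)
 $stmt = $conn->prepare(
 "SELECT year, month, day, SUM(count) AS count " .
 "FROM " . $table_name . " " .
-"WHERE sourceIdP='" . $idpIdentifier . "' " .
+"WHERE sourceIdP=? " .
 "GROUP BY year DESC,month DESC,day DESC"
 );
+$stmt->bind_param('s', $idpIdentifier);
 } else {
 $stmt = $conn->prepare(
 "SELECT year, month, day, SUM(count) AS count " .
 "FROM " . $table_name . " " .
-"WHERE sourceIdP='" . $idpIdentifier . "' " .
+"WHERE sourceIdP=? " .
 "AND CONCAT(year,'-',LPAD(month,2,'00'),'-',LPAD(day,2,'00')) " .
-"BETWEEN CURDATE() - INTERVAL " . $days . " DAY AND CURDATE() " .
+"BETWEEN CURDATE() - INTERVAL ? DAY AND CURDATE() " .
 "GROUP BY year DESC,month DESC,day DESC"
 );
+$stmt->bind_param('sd', $idpIdentifier, $days);
 }
 $stmt->execute();
 $result = $stmt->get_result();
@@ -228,10 +235,11 @@ public static function getAccessCountPerService($days)
 "FROM " . $table_name . " " .
 "LEFT OUTER JOIN " . $serviceProvidersMapTableName . " ON service = identifier " .
 "WHERE CONCAT(year,'-',LPAD(month,2,'00'),'-',LPAD(day,2,'00')) " .
-"BETWEEN CURDATE() - INTERVAL " . $days . " DAY AND CURDATE() " .
+"BETWEEN CURDATE() - INTERVAL ? DAY AND CURDATE() " .
 "GROUP BY service HAVING service != '' " .
 "ORDER BY count DESC"
 );
+$stmt->bind_param('d', $days);
 }
 $stmt->execute();
 $result = $stmt->get_result();
@@ -261,19 +269,21 @@ public static function getAccessCountForServicePerIdentityProviders($days, $spId
 "SELECT sourceIdp, service, IFNULL(name,sourceIdp) AS idpName, SUM(count) AS count " .
 "FROM " . $table_name . " " .
 "LEFT OUTER JOIN " . $identityProvidersMapTableName . " ON sourceIdp = entityId " .
-"GROUP BY sourceIdp, service HAVING sourceIdp != '' AND service = '" . $spIdentifier . "' " .
+"GROUP BY sourceIdp, service HAVING sourceIdp != '' AND service=? " .
 "ORDER BY count DESC"
 );
+$stmt->bind_param('s', $spIdentifier);
 } else {
 $stmt = $conn->prepare(
 "SELECT year, month, day, sourceIdp, service, IFNULL(name,sourceIdp) AS idpName, SUM(count) AS count " .
 "FROM " . $table_name . " " .
 "LEFT OUTER JOIN " . $identityProvidersMapTableName . " ON sourceIdp = entityId " .
 "WHERE CONCAT(year,'-',LPAD(month,2,'00'),'-',LPAD(day,2,'00')) " .
-"BETWEEN CURDATE() - INTERVAL " . $days . " DAY AND CURDATE() " .
-"GROUP BY sourceIdp, service HAVING sourceIdp != '' AND service = '" . $spIdentifier . "' " .
+"BETWEEN CURDATE() - INTERVAL ? DAY AND CURDATE() " .
+"GROUP BY sourceIdp, service HAVING sourceIdp != '' AND service=? " .
 "ORDER BY count DESC"
 );
+$stmt->bind_param('ds', $days, $spIdentifier);
 }
 $stmt->execute();
 $result = $stmt->get_result();
@@ -295,19 +305,21 @@ public static function getAccessCountForIdentityProviderPerServiceProviders($day
 "SELECT sourceIdp, service, IFNULL(name,service) AS spName, SUM(count) AS count " .
 "FROM " . $table_name . " " .
 "LEFT OUTER JOIN " . $serviceProvidersMapTableName . " ON service = identifier " .
-"GROUP BY sourceIdp, service HAVING service != '' AND sourceIdp = '" . $idpEntityId . "' " .
+"GROUP BY sourceIdp, service HAVING service != '' AND sourceIdp=? " .
 "ORDER BY count DESC"
 );
+$stmt->bind_param('s', $idpEntityId);
 } else {
 $stmt = $conn->prepare(
 "SELECT year, month, day, sourceIdp, service, IFNULL(name,service) AS spName, SUM(count) AS count " .
 "FROM " . $table_name . " " .
 "LEFT OUTER JOIN " . $serviceProvidersMapTableName . " ON service = identifier " .
 "WHERE CONCAT(year,'-',LPAD(month,2,'00'),'-',LPAD(day,2,'00')) " .
-"BETWEEN CURDATE() - INTERVAL " . $days . " DAY AND CURDATE() " .
-"GROUP BY sourceIdp, service HAVING service != '' AND sourceIdp = '" . $idpEntityId . "' " .
+"BETWEEN CURDATE() - INTERVAL ? DAY AND CURDATE() " .
+"GROUP BY sourceIdp, service HAVING service != '' AND sourceIdp=? " .
 "ORDER BY count DESC"
 );
+$stmt->bind_param('ds', $days, $idpEntityId);
 }
 $stmt->execute();
 $result = $stmt->get_result();
@@ -338,10 +350,11 @@ public static function getLoginCountPerIdp($days)
 "FROM " . $tableName . " " .
 "LEFT OUTER JOIN " . $identityProvidersMapTableName . " ON sourceIdp = entityId " .
 "WHERE CONCAT(year,'-',LPAD(month,2,'00'),'-',LPAD(day,2,'00')) " .
-"BETWEEN CURDATE() - INTERVAL " . $days . " DAY AND CURDATE() " .
+"BETWEEN CURDATE() - INTERVAL ? DAY AND CURDATE() " .
 "GROUP BY sourceIdp HAVING sourceIdp != '' " .
 "ORDER BY count DESC"
 );
+$stmt->bind_param('d', $days);
 }
 $stmt->execute();
 $result = $stmt->get_result();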
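Review bot: The new `bind_param('d', $days)` calls, and the `'sd'`/`'ds'` variants in the two-parameter branches, bind the day count as a double although `INTERVAL ? DAY` takes an integer count; mysqli's `'i'` type is the matching one, e.g. `$stmt->bind_param('i', $days);` and `$stmt->bind_param('si', $spIdentifier, $days);`, so a non-numeric `$days` is coerced to an int rather than a float before it reaches the server. The table names (`$tableName`, `$table_name`, `$serviceProvidersMapTableName`, `$identityProvidersMapTableName`) are still concatenated into every query; identifiers cannot be bound, so if those values are read from configuration rather than hard-coded (their origin is outside these hunks) they should be validated against an identifier pattern such as `/^[A-Za-z0-9_]+$/` and wrapped in backticks before use, otherwise the injection surface the commit is closing remains open through config. None of the `prepare()` results are checked for `false` before the added `bind_param()` calls, which turns a malformed or failed prepare into a fatal "call to a member function on boolean" instead of a handled error. Every method in this section begins and ends outside its hunk.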
