SQL Injection
Changed all of the SQL queries to be safe from SQL injection
tbezman committed Nov 24, 2014
1 parent b626e6c commit 2957fc9
Showing 10 changed files with 250 additions and 214 deletions.
7 changes: 6 additions & 1 deletion src/com/bezman/background/DailySubmission.java
Expand Up @@ -4,6 +4,7 @@
import org.json.simple.JSONArray;
import org.json.simple.JSONObject;

import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
Expand Down Expand Up @@ -116,7 +117,11 @@ public static DailySubmission submissionFromRow(ResultSet resultSet) throws SQLE

String sales = "";

ResultSet salesSet = IndexServlet.execQuery("select * from sales where date='" + date + "'");
PreparedStatement statement = IndexServlet.connection.prepareStatement("select * from sales where date=?");
statement.setTimestamp(1, date);

ResultSet salesSet = statement.executeQuery();

while(salesSet.next()){
sales += salesSet.getString("sale") + ",";
}
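Review bot: The PreparedStatement created for `select * from sales where date=?` and the ResultSet it returns are never closed, so every call to submissionFromRow leaks a statement on what appears to be a single static `IndexServlet.connection` shared by all servlets (a shared JDBC Connection is also not safe for concurrent requests, which is worth confirming separately). The old `execQuery` path had the same leak, but now that the statement is created locally it is easy to scope it with try-with-resources; the method already declares `throws SQLException`, so no new handling is needed. submissionFromRow begins before this hunk.
```java
// … unchanged: String sales = ""; …
try (PreparedStatement statement =
        IndexServlet.connection.prepareStatement("select * from sales where date=?")) {
    statement.setTimestamp(1, date);
    try (ResultSet salesSet = statement.executeQuery()) {
        while (salesSet.next()) {
            sales += salesSet.getString("sale") + ",";
        }
    }
}
// … unchanged: rest of submissionFromRow …
```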
31 changes: 8 additions & 23 deletions src/com/bezman/servlet/Attendance.java
Expand Up @@ -8,8 +8,8 @@
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
Expand Down Expand Up @@ -45,7 +45,12 @@ public String getAttendanceJSON(Model model, HttpServletRequest request, @Reques
System.out.println(month + "/ " + day + "/ " + year);

try {
ResultSet resultSet = IndexServlet.execQuery("select * from daily where MONTH(date)='" + month + "' and DAY(date)='" + day + "' and YEAR(date)='" + year + "' order by period");
PreparedStatement statement = IndexServlet.connection.prepareStatement("select * from daily where MONTH(date)=? and DAY(date)=? and YEAR(date)=? order by period");
statement.setString(1, month);
statement.setString(2, day);
statement.setString(3, year);

ResultSet resultSet = statement.executeQuery();

while(resultSet.next()){
jsonArray.add(resultSet.getString("names") + ";" + resultSet.getString("period"));
Expand All @@ -61,27 +66,7 @@ public String getAttendanceJSON(Model model, HttpServletRequest request, @Reques
@RequestMapping(value = "/attendance", method = {RequestMethod.GET})
public String getAttendance(Model model, HttpServletRequest request, @RequestParam(value = "month", required = false) String month, @RequestParam(value = "day", required = false) String day, @RequestParam(value = "year", required = false) String year) {

Cookie cookie = IndexServlet.getCookie(request.getCookies(), "sessionID");
if (cookie != null){
try {
ResultSet resultSet = IndexServlet.execQuery("select * from sessions where sessionID='" + cookie.getValue() + "'");
String username = null;

while(resultSet.next()){
model.addAttribute("username", resultSet.getString("username"));
username = resultSet.getString("username");
}

System.out.println("Username : " + username);
ResultSet accountSet = IndexServlet.execQuery("select * from accounts where username='" + username + "'");

while(accountSet.next()){
model.addAttribute("role", accountSet.getString("role"));
}
} catch (SQLException e) {
e.printStackTrace();
}
}
IndexServlet.servletLoginCheck(model, request);

model.addAttribute("namesJSON", getAttendanceJSON(model, request, month, day, year));

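Review bot: In getAttendanceJSON the month, day and year request parameters are bound with `setString` against `MONTH(date)=?` etc., which closes the injection but still hands arbitrary text to the database and relies on the driver's implicit string-to-number comparison; parsing them to `int` and binding with `setInt` makes the contract explicit and lets the servlet reject junk input up front (`int m = Integer.parseInt(month);` inside a `catch (NumberFormatException e)` that returns an empty array). Since the parameters are declared `required = false` on getAttendance, a null value currently reaches `setString(n, null)` and the query matches nothing, which may be intended but deserves a comment. The PreparedStatement and ResultSet opened here are also never closed; wrapping the statement in try-with-resources avoids a leak on the shared `IndexServlet.connection`. The `System.out.println(month + "/ " + day + "/ " + year)` line just above the query echoes raw request input to the log and should be dropped or logged through a parameterized logger. The enclosing method getAttendanceJSON starts before this hunk.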
56 changes: 24 additions & 32 deletions src/com/bezman/servlet/DailyServlet.java
Expand Up @@ -10,8 +10,8 @@
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Comparator;
Expand All @@ -26,40 +26,24 @@ public class DailyServlet {
@RequestMapping(value = "/daily", method = RequestMethod.GET)
public String getDaily(Model model, HttpServletRequest request){

Cookie cookie = IndexServlet.getCookie(request.getCookies(), "sessionID");
if (cookie != null){
try {
ResultSet resultSet = IndexServlet.execQuery("select * from sessions where sessionID='" + cookie.getValue() + "'");
String username = null;
IndexServlet.servletLoginCheck(model, request);

while(resultSet.next()){
model.addAttribute("username", resultSet.getString("username"));
username = resultSet.getString("username");
}

System.out.println("Username : " + username);
ResultSet accountSet = IndexServlet.execQuery("select * from accounts where username='" + username + "'");

while(accountSet.next()){
model.addAttribute("role", accountSet.getString("role"));
}

ResultSet itemSet = IndexServlet.execQuery("select * from items");
JSONArray jsonArray = new JSONArray();
try {
ResultSet itemSet = IndexServlet.execQuery("select * from items");
JSONArray jsonArray = new JSONArray();

while(itemSet.next()){
JSONObject jsonObject = new JSONObject();
while (itemSet.next()) {
JSONObject jsonObject = new JSONObject();

jsonObject.put("itemName", itemSet.getString("name"));
jsonObject.put("priceOfItem", itemSet.getDouble("price"));
jsonObject.put("itemName", itemSet.getString("name"));
jsonObject.put("priceOfItem", itemSet.getDouble("price"));

jsonArray.add(jsonObject);
}

model.addAttribute("itemNames", StringEscapeUtils.escapeJavaScript(jsonArray.toJSONString()));
} catch (SQLException e) {
e.printStackTrace();
jsonArray.add(jsonObject);
}

model.addAttribute("itemNames", StringEscapeUtils.escapeJavaScript(jsonArray.toJSONString()));
}catch (SQLException e){
e.printStackTrace();
}

return "daily";
Expand All @@ -72,8 +56,16 @@ public String getStudents(Model model, @RequestParam(value = "period", required
JSONArray jsonArray = new JSONArray();

try {
String query = period == null ? "select * from students" : "select * from students where period='" + period + "' ORDER BY period ASC";
ResultSet resultSet = IndexServlet.execQuery(query);
PreparedStatement statement;

if (period == null){
statement = IndexServlet.connection.prepareStatement("SELECT * FROM students");
}else{
statement = IndexServlet.connection.prepareStatement("SELECT * FROM students WHERE period=? ORDER BY period ASC");
statement.setString(1, period);
}

ResultSet resultSet = statement.executeQuery();

while(resultSet.next()){
JSONObject jsonObject = new JSONObject();
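Review bot: In getStudents the PreparedStatement selected by the `period == null` branch is executed but never closed, and neither is its ResultSet, so each request leaks a statement on the shared `IndexServlet.connection`; the split into two statements is the right shape, so the fix is only to scope them. The query text also differs between branches only by the WHERE/ORDER BY, so a short comment on why the unfiltered case omits `ORDER BY period ASC` would help the next reader. getStudents continues past the end of this hunk.
```java
String sql = period == null
        ? "SELECT * FROM students"
        : "SELECT * FROM students WHERE period=? ORDER BY period ASC";
try (PreparedStatement statement = IndexServlet.connection.prepareStatement(sql)) {
    if (period != null) {
        statement.setString(1, period);
    }
    try (ResultSet resultSet = statement.executeQuery()) {
        // … unchanged: build jsonArray from resultSet …
    }
}
```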
60 changes: 38 additions & 22 deletions src/com/bezman/servlet/IndexServlet.java
Expand Up @@ -28,26 +28,7 @@ public class IndexServlet {
@RequestMapping(value = "/",method = RequestMethod.GET)
public String processWelcome(Model model, HttpServletRequest request){

Cookie cookie = IndexServlet.getCookie(request.getCookies(), "sessionID");
if (cookie != null){
try {
ResultSet resultSet = IndexServlet.execQuery("select * from sessions where sessionID='" + cookie.getValue() + "'");
String username = null;

while(resultSet.next()){
model.addAttribute("username", resultSet.getString("username"));
username = resultSet.getString("username");
}

ResultSet accountSet = IndexServlet.execQuery("select * from accounts where username='" + username + "'");

while(accountSet.next()){
model.addAttribute("role", accountSet.getString("role"));
}
} catch (SQLException e) {
e.printStackTrace();
}
}
IndexServlet.servletLoginCheck(model, request);

model.addAttribute("motd", StringEscapeUtils.escapeHtml(Reference.motd).replace("\n", "<br/>"));

Expand All @@ -74,7 +55,10 @@ public boolean queryDoesReturn(String query) throws SQLException {

public static boolean isSessionAdmin(String sessionID){
try {
ResultSet resultSet = IndexServlet.execQuery("select * from sessions where sessionID='" + sessionID + "'");
PreparedStatement sessionStatement = IndexServlet.connection.prepareStatement("SELECT * from sessions WHERE sessionID=?");
sessionStatement.setString(1, sessionID);

ResultSet resultSet = sessionStatement.executeQuery();

String username = null;

Expand All @@ -85,7 +69,10 @@ public static boolean isSessionAdmin(String sessionID){
if(username == null)
return false;

ResultSet accountsSet = IndexServlet.execQuery("select * from accounts where username='" + username + "'");
PreparedStatement roleStatement = IndexServlet.connection.prepareStatement("SELECT * from accounts where username=?");
roleStatement.setString(1, username);

ResultSet accountsSet = roleStatement.executeQuery();

while(accountsSet.next()){
if (accountsSet.getString("role").equals("admin"))
Expand Down Expand Up @@ -148,4 +135,33 @@ public static Cookie getCookie(Cookie[] cookies, String name){

return new Cookie("12", "12");
}

public static void servletLoginCheck(Model model, HttpServletRequest request){
Cookie cookie = IndexServlet.getCookie(request.getCookies(), "sessionID");
if (cookie != null){
try {
PreparedStatement statement = IndexServlet.connection.prepareStatement("SELECT * from sessions where sessionID=?");
statement.setString(1, cookie.getValue());

ResultSet resultSet = statement.executeQuery();
String username = null;

while(resultSet.next()){
model.addAttribute("username", resultSet.getString("username"));
username = resultSet.getString("username");
}

PreparedStatement roleStatement = IndexServlet.connection.prepareStatement("SELECT * from accounts where username=?");
roleStatement.setString(1, username);

ResultSet accountSet = roleStatement.executeQuery();

while(accountSet.next()){
model.addAttribute("role", accountSet.getString("role"));
}
} catch (SQLException e) {
e.printStackTrace();
}
}
}
}
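Review bot: The new servletLoginCheck helper runs the accounts lookup even when no session row matched, binding `username` as null in `roleStatement.setString(1, username)`; isSessionAdmin in the same file guards this case with `if(username == null) return false;`, and the helper should do the same before the second query. The `cookie != null` guard also looks ineffective if the `return new Cookie("12", "12");` visible in getCookie is its not-found path, since the session query then always runs with the placeholder value; that is pre-existing, but the helper now encodes the assumption in one place, so a comment or a real null return from getCookie is warranted. Finally, the name suggests an access check, yet the method only populates `username` and `role` on the model and never rejects the request; callers such as processWelcome render regardless, so either document it as `// populates model with username/role for the session cookie; does not enforce login` or rename it. Both PreparedStatements and ResultSets should be closed with try-with-resources.
```java
public static void servletLoginCheck(Model model, HttpServletRequest request){
    Cookie cookie = IndexServlet.getCookie(request.getCookies(), "sessionID");
    if (cookie == null) {
        return;
    }
    String username = null;
    try (PreparedStatement statement =
            IndexServlet.connection.prepareStatement("SELECT * from sessions where sessionID=?")) {
        statement.setString(1, cookie.getValue());
        try (ResultSet resultSet = statement.executeQuery()) {
            while (resultSet.next()) {
                username = resultSet.getString("username");
                model.addAttribute("username", username);
            }
        }
        // No matching session: nothing to look up, avoid querying accounts with a null name
        if (username == null) {
            return;
        }
        try (PreparedStatement roleStatement =
                IndexServlet.connection.prepareStatement("SELECT * from accounts where username=?")) {
            roleStatement.setString(1, username);
            try (ResultSet accountSet = roleStatement.executeQuery()) {
                while (accountSet.next()) {
                    model.addAttribute("role", accountSet.getString("role"));
                }
            }
        }
    } catch (SQLException e) {
        e.printStackTrace();
    }
}
```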
86 changes: 50 additions & 36 deletions src/com/bezman/servlet/ItemRecapServlet.java
Expand Up @@ -10,14 +10,12 @@
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.stream.Collectors;
import java.util.*;

/**
* Created by Terence on 11/16/2014.
Expand All @@ -29,26 +27,7 @@ public class ItemRecapServlet {
@RequestMapping(value = "/itemrecap", method = {RequestMethod.GET, RequestMethod.POST})
public String getItemRecap(Model model, HttpServletRequest request){

Cookie cookie = IndexServlet.getCookie(request.getCookies(), "sessionID");
if (cookie != null){
try {
ResultSet resultSet = IndexServlet.execQuery("select * from sessions where sessionID='" + cookie.getValue() + "'");
String username = null;

while(resultSet.next()){
model.addAttribute("username", resultSet.getString("username"));
username = resultSet.getString("username");
}

ResultSet accountSet = IndexServlet.execQuery("select * from accounts where username='" + username + "'");

while(accountSet.next()){
model.addAttribute("role", accountSet.getString("role"));
}
} catch (SQLException e) {
e.printStackTrace();
}
}
IndexServlet.servletLoginCheck(model, request);

return "itemrecap";
}
Expand All @@ -63,26 +42,61 @@ public String itemRecapJSON(@RequestParam(value = "month", required = false) Str
ArrayList params = new ArrayList();
ArrayList<ItemSale> items = new ArrayList<>();

if (month != null)
params.add("MONTH(date)='" + month + "' ");
HashMap<Integer, String> valueMap = new HashMap<>();

if (day != null)
params.add("DAY(date)='" + day + "' ");
Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("America/New_York"));

if (year != null)
params.add("YEAR(date)='" + year + "' ");
int predCount = 1;

if (month == null && day == null && year == null)
query = "select * from sales";
else query += params.stream().collect(Collectors.joining(" and "));
if (month != null) {
query += "MONTH(date)=?";

valueMap.put(predCount, month);

predCount++;
}

if (day != null) {

if (predCount > 1)
query += " and ";

query += "DAY(date)=?";

valueMap.put(predCount, day);

if (order == null)
order = "";
predCount++;
}

if (year != null) {

if (predCount > 1)
query += " and ";

query += "YEAR(date)=?";

valueMap.put(predCount, year);

predCount++;
}

if (month == null && day == null && year == null)
query = "SELECT * from sales";

System.out.println(query);

try {
ResultSet resultSet = IndexServlet.execQuery(query);

PreparedStatement statement = IndexServlet.connection.prepareStatement(query);

for(Integer integer : valueMap.keySet()){
statement.setString(integer, valueMap.get(integer));
}

System.out.println(statement.toString());


ResultSet resultSet = statement.executeQuery();

while(resultSet.next()){
String sale = resultSet.getString("sale");
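Review bot: The parameterization in itemRecapJSON covers month, day and year but not `order`: the `if (order == null) order = "";` line suggests it is still spliced into the query text further down (outside this hunk), and an ORDER BY column cannot be bound with `?`, so if that is the case the sort parameter remains injectable and needs to be checked against a fixed whitelist of column names before use. The two debug lines `System.out.println(query);` and `System.out.println(statement.toString());` print user-supplied values to stdout and should go. The `Calendar calendar` created at the top of the hunk is not used within it, and the PreparedStatement is never closed; try-with-resources around `prepareStatement(query)` would scope it. The enclosing method starts before this hunk and continues after it.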
23 changes: 1 addition & 22 deletions src/com/bezman/servlet/ItemSettings.java
Expand Up @@ -10,7 +10,6 @@
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
Expand All @@ -26,27 +25,7 @@ public class ItemSettings {
@RequestMapping(value = "/itemsettings", method = {RequestMethod.GET})
public String ItemSettings(Model model, HttpServletRequest request){

Cookie cookie = IndexServlet.getCookie(request.getCookies(), "sessionID");
if (cookie != null){
try {
ResultSet resultSet = IndexServlet.execQuery("select * from sessions where sessionID='" + cookie.getValue() + "'");
String username = null;

while(resultSet.next()){
model.addAttribute("username", resultSet.getString("username"));
username = resultSet.getString("username");
}

System.out.println("Username : " + username);
ResultSet accountSet = IndexServlet.execQuery("select * from accounts where username='" + username + "'");

while(accountSet.next()){
model.addAttribute("role", accountSet.getString("role"));
}
} catch (SQLException e) {
e.printStackTrace();
}
}
IndexServlet.servletLoginCheck(model, request);

JSONArray jsonArray = new JSONArray();

