diff --git a/pom.xml b/pom.xml
index 59ded44..8aa39a0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -72,6 +72,11 @@
1.10.19
test
+
+ org.apache.logging.log4j
+ log4j-core
+ 2.14.0
+
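Review bot: The log4j-core version pinned here (2.14.0, line L11) is in the 2.x range affected by the JNDI-lookup remote code execution issue disclosed in late 2021, so any logger call that formats attacker-controlled input becomes exploitable once this artifact is on the classpath. If this repository deliberately ships vulnerable dependencies as SAST/SCA fixtures (the file under the other hunk is named Insecure.java, which suggests that), record the intent next to the dependency, e.g. `<!-- intentionally vulnerable log4j-core version for dependency-scanner demo; do not upgrade -->`; otherwise move to a currently patched 2.x release. Nothing in this diff references log4j, so a `<scope>` matching the surrounding test dependency (`test`, line L7) may also be appropriate if it is only needed by tests — the surrounding XML element tags are not visible in this rendering, so treat that as inferred.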
diff --git a/src/main/java/demo/security/servlet/Insecure.java b/src/main/java/demo/security/servlet/Insecure.java
index 3ba3d02..6da82eb 100644
--- a/src/main/java/demo/security/servlet/Insecure.java
+++ b/src/main/java/demo/security/servlet/Insecure.java
@@ -8,7 +8,9 @@
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
+import java.sql.PreparedStatement;
import java.sql.ResultSet;
+import java.sql.SQLException;
import java.sql.Statement;
import javax.servlet.http.Cookie;
@@ -38,6 +40,28 @@ public String taintedSQL(HttpServletRequest request, Connection connection) thro
ResultSet resultSet = statement.executeQuery(query);
return resultSet.getString(0);
}
+
+ public String taintedSQLByUsername(HttpServletRequest request, Connection connection) throws SQLException {
+ String username = request.getParameter("username");
+ String query = "SELECT * FROM users WHERE username = ?";
+ try (PreparedStatement statement = connection.prepareStatement(query)) {
+ statement.setString(1, username);
+ try (ResultSet resultSet = statement.executeQuery()) {
+ return resultSet.getString(1);
+ }
+ }
+ }
+
+ public String taintedSQLByEmail(HttpServletRequest request, Connection connection) throws SQLException {
+ String email = request.getParameter("email");
+ String query = "SELECT * FROM users WHERE email = ?";
+ try (PreparedStatement statement = connection.prepareStatement(query)) {
+ statement.setString(1, email);
+ try (ResultSet resultSet = statement.executeQuery()) {
+ return resultSet.getString(1);
+ }
+ }
+ }
public String hotspotSQL(Connection connection, String user) throws Exception {
Statement statement = null;
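Review bot: Both new methods read `resultSet.getString(1)` (lines L37 and L48) without first advancing the cursor, so the call runs with the ResultSet positioned before the first row and fails at runtime regardless of whether the username or email matched; add `if (!resultSet.next()) { return null; }` before each return, or document that the caller is expected to handle the SQLException. The parameterized queries themselves are the right fix for the string-built SQL in the existing taintedSQL above, so the `tainted…` naming of the two new methods reads as misleading if they are meant to be the safe counterparts — a one-line Javadoc such as `/** Safe variant of taintedSQL: user input is bound via PreparedStatement, not concatenated. */` on each would make the contrast explicit. taintedSQLByUsername and taintedSQLByEmail are otherwise identical apart from the parameter name and column, which invites extracting a private helper taking the column name as a constant. hotspotSQL at line L52 continues outside the hunk.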