Vulny-Code-Static-Analysis/vulns/doctrine-dbal-dangerous-que...

50 lines
1.5 KiB
PHP
Raw Normal View History

2022-04-30 13:00:48 +00:00
<?php
class ProductRepository extends ServiceEntityRepository
{
public function test1(int $price): array
{
$conn = $this->getEntityManager()->getConnection();
$sql = "SELECT * FROM product p WHERE p.price > " . $_GET['cur_price']. " ORDER BY p.price ASC";
// ruleid: doctrine-dbal-dangerous-query
$stmt = $conn->prepare($sql);
$stmt->execute(['price' => $price]);
return $stmt->fetchAllAssociative();
}
public function test2(): array
{
$conn = $this->getEntityManager()->getConnection();
// ruleid: doctrine-dbal-dangerous-query
$query = $conn->createQuery("SELECT u FROM User u WHERE u.username = '" . $_GET['username'] . "'");
$data = $query->getResult();
return $data;
}
public function okTest1(int $price): array
{
$conn = $this->getEntityManager()->getConnection();
$sql = "SELECT * FROM users WHERE username = ?";
// ok: doctrine-dbal-dangerous-query
$stmt = $conn->prepare($sql);
$stmt->bindValue(1, $_GET['username']);
$resultSet = $stmt->executeQuery();
return $resultSet;
}
public function okTest2(int $price): array
{
$conn = $this->foobar();
$sql = "SELECT * FROM users WHERE username = ?";
// ok: doctrine-dbal-dangerous-query
$stmt = $conn->prepare($sql);
$stmt->bindValue(1, $_GET['username']);
$resultSet = $stmt->executeQuery();
return $resultSet;
}
}