74 lines
1.5 KiB
Plaintext
74 lines
1.5 KiB
Plaintext
== How to fix it in Laravel
|
|
|
|
=== Code examples
|
|
|
|
include::../../common/fix/code-rationale.adoc[]
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,php,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
namespace App\Http\Controllers;
|
|
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\DB;
|
|
|
|
class UserController extends Controller
|
|
{
|
|
public function authenticate(Request $request)
|
|
{
|
|
$user = $request->input('user');
|
|
$pass = $request->input('pass');
|
|
|
|
$query = "SELECT * FROM users WHERE user = '" . $user . "' AND pass = '" . $pass . "'";
|
|
|
|
$users = DB::select($query); // Noncompliant
|
|
|
|
if (count($users) != 1)
|
|
{
|
|
abort(401);
|
|
}
|
|
|
|
return view('authenticated.index');
|
|
}
|
|
}
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,php,diff-id=1,diff-type=compliant]
|
|
----
|
|
namespace App\Http\Controllers;
|
|
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\DB;
|
|
|
|
class UserController extends Controller
|
|
{
|
|
public function authenticate(Request $request)
|
|
{
|
|
$user = $request->input('user');
|
|
$pass = $request->input('pass');
|
|
|
|
$user_exists = DB::table('users')
|
|
->where('user', $user)
|
|
->where('pass', $pass)
|
|
->exists();
|
|
|
|
if (!$user_exists)
|
|
{
|
|
abort(401);
|
|
}
|
|
|
|
return view('authenticated.index');
|
|
}
|
|
}
|
|
----
|
|
|
|
=== How does this work?
|
|
|
|
:secure_feature: Illuminate
|
|
:unsafe_function: DB::raw()
|
|
include::../../common/fix/secure-by-design.adoc[]
|
|
|