From 9d41a14926c388bc20003e577b59c0f9bd9ddf35 Mon Sep 17 00:00:00 2001
From: Tobias Zoghaib
Date: Wed, 20 Nov 2024 11:34:44 +0100
Subject: [PATCH] Exercise 2.5 added

---
 backend/data/exercises.json | 14 +++++++-------
 backend/routes/band.routes.ts | 16 ++++++++--------
 src/data/enums/bannerStateEnum.ts | 8 ++++----
 src/stores/account.store.ts | 8 --------
 src/stores/exercise.store.ts | 4 ++--
 src/stores/feedback.store.ts | 22 ++++++++++------------
 src/stores/search.store.ts | 3 +++
 7 files changed, 34 insertions(+), 41 deletions(-)

diff --git a/backend/data/exercises.json b/backend/data/exercises.json
index 3043f30..0cb0f30 100644
--- a/backend/data/exercises.json
+++ b/backend/data/exercises.json
@@ -85,6 +85,13 @@
 "exerciseNr": 4,
 "descriptionDe": "Wir infiltrieren nun einen Account. Suche dir dafür aus der Liste der in Aufgabe 2.1 erhaltenen einen Account heraus, welcher die Rolle >>Super-Admin<< inne hat. Nur damit lässt sich die Dateiverwaltung welche wir später brauchen öffnen. Hast du den Account-Namen gefunden, gehe ins Login-Menü (logge dich aus, falls du noch angemeldet bist). Führe nun einen SQL-Injektion durch um diesen Account zu übernehmen.",
 "descriptionEn": "todo"
+ },
+ {
+ "nameDe": "Bewertungen löschen",
+ "nameEn": "Delete ratings",
+ "exerciseNr": 5,
+ "descriptionDe": "Jede Band hat Bewertungen auf einer Skala von eins bis fünf Sternen erhalten. Wir wollen alle Fünf-Sterne Bewertungen aus der Datenbank löschen. Schreibe eine SQL Injection, welche in der Tabelle >>Ratings<< alle Einträge mit der Bedingung >>rating = 5<< entfernt. Führe die Injection über die globale Suche aus.",
+ "descriptionEn": "todo"
 }
 ]
 },
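Review bot: The new 2.5 entry ships with `"descriptionEn": "todo"`, so English-locale users get a literal placeholder as the task text (the 2.4 entry in the context lines above has the same gap). Since `nameEn` is already translated, the description should be too, e.g. `"descriptionEn": "Every band has received ratings on a scale of one to five stars. We want to delete all five-star ratings from the database. Write an SQL injection that removes every row in the >>Ratings<< table matching >>rating = 5<<. Run the injection through the global search."`. The task text also spells out the exact condition that the client-side check in `search.store.ts` expects, so the two should be kept in sync if either is reworded.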
@@ -108,13 +115,6 @@ "exerciseNr": 2, "descriptionDe": "Bearbeite die URL des Shops so, dass du das Script ausführen kannst", "descriptionEn": "Create an URL of the shop, which calls the script" - }, - { - "nameDe": "Hacken mit eigenem Script", - "nameEn": "Hack with your script", - "exerciseNr": 3, - "descriptionDe": "Schreibe eine JavaScript Datei, lade sie über das Admin Panel hoch und kreiere eine URL, welche es ausführt", - "descriptionEn": "Write our own JavaScript file, upload it via Admin Panel and create an URL to execute it" } ] } diff --git a/backend/routes/band.routes.ts b/backend/routes/band.routes.ts index 48af6cc..1f23f2e 100644 --- a/backend/routes/band.routes.ts +++ b/backend/routes/band.routes.ts @@ -144,16 +144,16 @@ band.get("/search", async (req: Request, res: Response) => { res.status(200).json(results) } else { Band.findAll({ - where: { - name: { - [Op.substring]: req.query.value + where: { + name: { + [Op.substring]: req.query.value + }, }, - }, - include: [ Concert, Genre ] - }) - .then(bands => { - res.status(200).json(bands) + include: [ Concert, Genre ] }) + .then(bands => { + res.status(200).json(bands) + }) } }) diff --git a/src/data/enums/bannerStateEnum.ts b/src/data/enums/bannerStateEnum.ts index e0f322b..b777b8e 100644 --- a/src/data/enums/bannerStateEnum.ts +++ b/src/data/enums/bannerStateEnum.ts @@ -21,20 +21,20 @@ export enum BannerStateEnum { EXERCISESOLVED12, - EXERCISESOLVED13, - EXERCISESOLVED21, EXERCISESOLVED22, EXERCISESOLVED23, + EXERCISESOLVED24, + + EXERCISESOLVED25, + EXERCISESOLVED31, EXERCISESOLVED32, - EXERCISESOLVED33, - ////////// API Endpoint /api ////////// diff --git a/src/stores/account.store.ts b/src/stores/account.store.ts index 9bbba5f..ce9b601 100644 --- a/src/stores/account.store.ts +++ b/src/stores/account.store.ts @@ -195,10 +195,6 @@ export const useAccountStore = defineStore("accountStore", { }) }, - async getAdresses() { - - }, - /** * Remove an address from the user model * 
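Review bot: Adding `EXERCISESOLVED24`/`EXERCISESOLVED25` and removing `EXERCISESOLVED13`/`EXERCISESOLVED33` in the middle of `BannerStateEnum` silently renumbers every member declared after them, including everything below the `////////// API Endpoint /api //////////` marker, because the members carry no initializers and therefore get sequential numeric values. That is harmless while values are only compared symbolically inside one build, but if any banner state is persisted, logged or exchanged with the backend as a number, old and new values no longer agree; I cannot see such a use from this hunk, so treat it as something to confirm. Giving the members string values (`EXERCISESOLVED24 = "EXERCISESOLVED24"`, and likewise for the rest) makes insertions order-independent and a logged value self-describing. The enum declaration starts before this hunk.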
@@ -221,10 +217,6 @@ export const useAccountStore = defineStore("accountStore", { ) }, - editAccount(item: AccountModel) { - // todo - }, - async deleteAccount(account: AccountModel) { this.fetchInProgress = true diff --git a/src/stores/exercise.store.ts b/src/stores/exercise.store.ts index 37d4492..abd31df 100644 --- a/src/stores/exercise.store.ts +++ b/src/stores/exercise.store.ts @@ -81,7 +81,6 @@ export const useExerciseStore = defineStore("exerciseStore", { switch(exerciseNr) { case 1: bannerState = BannerStateEnum.EXERCISESOLVED11; break; case 2: bannerState = BannerStateEnum.EXERCISESOLVED12; break; - case 3: bannerState = BannerStateEnum.EXERCISESOLVED13; break; } break; @@ -92,6 +91,8 @@ export const useExerciseStore = defineStore("exerciseStore", { case 1: bannerState = BannerStateEnum.EXERCISESOLVED21; break; case 2: bannerState = BannerStateEnum.EXERCISESOLVED22; break; case 3: bannerState = BannerStateEnum.EXERCISESOLVED23; break; + case 4: bannerState = BannerStateEnum.EXERCISESOLVED24; break; + case 5: bannerState = BannerStateEnum.EXERCISESOLVED25; break; } break; @@ -101,7 +102,6 @@ export const useExerciseStore = defineStore("exerciseStore", { switch(exerciseNr) { case 1: bannerState = BannerStateEnum.EXERCISESOLVED31; break; case 2: bannerState = BannerStateEnum.EXERCISESOLVED32; break; - case 3: bannerState = BannerStateEnum.EXERCISESOLVED33; break; } break; diff --git a/src/stores/feedback.store.ts b/src/stores/feedback.store.ts index 76d8714..b50c682 100644 --- a/src/stores/feedback.store.ts +++ b/src/stores/feedback.store.ts @@ -74,10 +74,6 @@ export const useFeedbackStore = defineStore("feedbackStore", { return this.i18n.t("bannerMessages.exerciseSolvedNr", [1, 2]) - case BannerStateEnum.EXERCISESOLVED13: - return this.i18n.t("bannerMessages.exerciseSolvedNr", [1, 3]) - - case BannerStateEnum.EXERCISESOLVED21: return this.i18n.t("bannerMessages.exerciseSolvedNr", [2, 1]) 
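Review bot: The added `case 4`/`case 5` lines close a gap rather than prevent the next one: exercise 2.4 already existed in `exercises.json` (its `"exerciseNr": 4` entry is context in the first hunk of this patch) yet had no banner mapping until now, and the inner `switch(exerciseNr)` still has no `default`, so an unmapped number leaves `bannerState` at whatever it held before the switch, which is outside this hunk. I would add `default: console.warn(\`no BannerStateEnum entry for exercise ${exerciseNr}\`)` to each of the three inner switches (hunks at -81, -92 and -101) so the next gap is visible instead of silent. Since the member names follow the pattern `EXERCISESOLVED<chapter><exerciseNr>`, one lookup built from the two numbers via `keyof typeof BannerStateEnum` would replace all three switches, though that is a larger refactor than this commit needs. The enclosing function starts and ends outside these hunks.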
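Review bot: The same two enum members are now listed by hand in three parallel `switch` statements of `feedback.store.ts` (the message switch in this hunk and at -88/-98, the color switch at -208 and the icon switch at -239), and this commit had to touch all of them plus `exercise.store.ts` for a single new exercise; forgetting one produces no compile error, only a banner that silently falls through to the wrong color or icon. The message switch is the only one that needs per-member data, so I would derive the other two from a single predicate such as `const isExerciseSolved = (s: BannerStateEnum) => BannerStateEnum[s].startsWith("EXERCISESOLVED")` and return `"purple"` / `"mdi-check-circle-outline"` from that instead of enumerating members. Even the message could be built from the member name, since it already encodes the chapter and exercise numbers passed to `exerciseSolvedNr`. The enclosing functions start and end outside these hunks.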
@@ -88,6 +84,12 @@ export const useFeedbackStore = defineStore("feedbackStore", { case BannerStateEnum.EXERCISESOLVED23: return this.i18n.t("bannerMessages.exerciseSolvedNr", [2, 3]) + + case BannerStateEnum.EXERCISESOLVED24: + return this.i18n.t("bannerMessages.exerciseSolvedNr", [2, 4]) + + case BannerStateEnum.EXERCISESOLVED25: + return this.i18n.t("bannerMessages.exerciseSolvedNr", [2, 5]) case BannerStateEnum.EXERCISESOLVED31: @@ -98,10 +100,6 @@ export const useFeedbackStore = defineStore("feedbackStore", { return this.i18n.t("bannerMessages.exerciseSolvedNr", [3, 2]) - case BannerStateEnum.EXERCISESOLVED33: - return this.i18n.t("bannerMessages.exerciseSolvedNr", [3, 3]) - - ////////// API Endpoint /api ////////// @@ -208,13 +206,13 @@ export const useFeedbackStore = defineStore("feedbackStore", { case BannerStateEnum.EXERCISESOLVED03: case BannerStateEnum.EXERCISESOLVED11: case BannerStateEnum.EXERCISESOLVED12: - case BannerStateEnum.EXERCISESOLVED13: case BannerStateEnum.EXERCISESOLVED21: case BannerStateEnum.EXERCISESOLVED22: case BannerStateEnum.EXERCISESOLVED23: + case BannerStateEnum.EXERCISESOLVED24: + case BannerStateEnum.EXERCISESOLVED25: case BannerStateEnum.EXERCISESOLVED31: case BannerStateEnum.EXERCISESOLVED32: - case BannerStateEnum.EXERCISESOLVED33: return "purple" case BannerStateEnum.BASKETPRODUCTREMOVED: @@ -239,13 +237,13 @@ export const useFeedbackStore = defineStore("feedbackStore", { case BannerStateEnum.EXERCISESOLVED03: case BannerStateEnum.EXERCISESOLVED11: case BannerStateEnum.EXERCISESOLVED12: - case BannerStateEnum.EXERCISESOLVED13: case BannerStateEnum.EXERCISESOLVED21: case BannerStateEnum.EXERCISESOLVED22: case BannerStateEnum.EXERCISESOLVED23: + case BannerStateEnum.EXERCISESOLVED24: + case BannerStateEnum.EXERCISESOLVED25: case BannerStateEnum.EXERCISESOLVED31: case BannerStateEnum.EXERCISESOLVED32: - case BannerStateEnum.EXERCISESOLVED33: return "mdi-check-circle-outline" case BannerStateEnum.DATABASERESETSUCCESSFUL: 
diff --git a/src/stores/search.store.ts b/src/stores/search.store.ts
index 85f4c03..eee80aa 100644
--- a/src/stores/search.store.ts
+++ b/src/stores/search.store.ts
@@ -38,12 +38,15 @@ export const useSearchStore = defineStore("searchStore", {
 this.fetchInProgress = true
 
 // Exercise solutions
+ // todo: Rewrite to avoid easy exercise solution
 if (this.searchTerm.endsWith("'); SELECT * FROM Accounts; --")) {
 exerciseStore.solveExercise(2, 1)
 } else if (this.searchTerm.endsWith("'); SELECT * FROM AccountRoles; --")) {
 exerciseStore.solveExercise(2, 2)
 } else if (this.searchTerm.includes("'); UPDATE Accounts SET accountRoleId = 2 WHERE username = ")) {
 exerciseStore.solveExercise(2, 3)
+ } else if (this.searchTerm.includes("'); DELETE FROM Ratings WHERE rating = 5;")) {
+ exerciseStore.solveExercise(2, 5)
 }
 
 await fetchBandsBySearchTerm(this.searchTerm)
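Review bot: The new `DELETE FROM Ratings` branch marks exercise 2.5 as solved purely by matching the search string in the browser, before `fetchBandsBySearchTerm` has run and regardless of whether the backend actually executed anything; the added `// todo` comment hints at this but does not say what is wrong. Because this store is part of the client bundle, the exercise cannot distinguish a working injection from a pasted string, and the `includes` check also ties success to one exact spelling (`rating = 5;` with that spacing and the trailing semicolon), so an equivalent statement that really removes the rows is not credited. The robust form is for the backend to decide: the route serving the search verifies the outcome (for 2.5, that no rows with rating 5 remain) and reports the solved exercise in its response, with the client only reacting to that flag. If the client-side check is kept for now, I would make the comment concrete: `// todo: completion is decided client-side from the raw search string; move the check server-side so it reflects the real database state`. The enclosing action begins before this hunk.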