[SAST] SQL_Injection in file QueryApi.java(GONRG-8065, GONRG-8066) (!248) · Merge requests · OSDU Software / OSDU Data Platform / Domain Data Management Services / Well-Planning-Execution / Well Delivery

Rustam Lotsmanenko (EPAM) requested to merge gc-fix-sql-injection into master Nov 10, 2023

Vulnerability was detected in project source code. Security testing type: SAST.

	Source	Destination
File	well-delivery/wd-core/src/main/java/org/opengroup/osdu/wd/core/api/QueryApi.java	well-delivery/provider/wd-gc/src/main/java/org/opengroup/osdu/wd/gcp/dataaccess/db/postgres/JdbcEntityRepository.java
Line number	108	441
Object	type	query
Code line	@PathVariable("type") String type,	entities = jdbcTemplate.query(sqlQuery,

The application's getJdbcEntity method executes an SQL query with query, at line 441 of \well-delivery\provider\wd-gc\src\main\java\org\opengroup\osdu\wd\gcp\dataaccess\db\postgres\JdbcEntityRepository.java. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.An attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input type; this input is then read by the getObjectsByWellbore_actual method at line 108 of \well-delivery\wd-core\src\main\java\org\opengroup\osdu\wd\core\api\QueryApi.java. This input then flows through the code, into a query and to the database server - without sanitization.This may enable an SQL Injection attack.

Edited Nov 13, 2023 by Rustam Lotsmanenko (EPAM)

[SAST] SQL_Injection in file QueryApi.java(GONRG-8065, GONRG-8066)

Merge request reports