CpS 404 Internet App Development

Peer Code Reviews

Process

Each pair of students will review one project 2 submission. First, each of you reviews the code on your own and writes down every potential vulnerability you find. Next, the pair compares those two lists, decides which findings hold up after tracing the data flow, and agrees on a final list. Finally, each pair presents its findings to the class.

Part 1: Individual Analysis

Work through the code using the following analysis steps. Make a note of potential issues to discuss with your partner.

  1. Begin with a search for XSS vulnerabilities. Review each .hbs file for triple-stash insertions, {{{variable}}}, which Handlebars renders without HTML escaping (the VSCode search panel, searching all .hbs files for {{{, finds them quickly). Also note any double-stash {{variable}} that sits inside an attribute value (href, src, on* handlers) or inside a script block: the HTML-entity escaping that {{ }} applies is not the right encoding for those contexts.

    When you find one, look for the res.render() call that supplies that variable to the template. Trace the variable back to its source to see whether it comes from an untrusted input, such as a query parameter, a URL path parameter, a form submission, or a database row that was itself filled from user input. If it does, check whether it has been encoded or sanitized for the context in which the template inserts it (HTML body text, attribute value, URL, or JavaScript), not just escaped in general.

  2. Next, look for SQL injection vulnerabilities. Begin by finding every place where the code sends a SQL statement to the database (for example, each call to the driver's query method). Check how program variables get into the statement text. The safe pattern is a parameterized query: a placeholder in the statement and the value passed separately in a values array. If a variable is instead inserted by string concatenation (+) or template-literal interpolation (${...}), check whether it comes from an untrusted source, and if so whether every such piece was escaped with the driver's escaping function for use in the query. Watch especially for values that cannot be parameterized, such as column names or ORDER BY direction, since those need validation against a fixed list.

  3. Next, look for broken access control vulnerabilities. For every route that modifies data in the database (POST, PUT, PATCH, DELETE), check that the handler chain includes the authentication check the application uses, so an anonymous request is rejected. Then check authorization: being logged in is not the same as being allowed to change a particular record, so a handler that takes an id from the URL or the form must also confirm that the record belongs to the current user, or that the user has the required role, before it updates or deletes.
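As an added example, not part of this assignment page and not code from any student submission, the following Node.js script runs the three searches above over constructed sample sources, the way a search-panel pass would, and prints the candidate list. Everything in it is constructed for illustration: the template and route snippets, the middleware name requireLogin, and a db.query call in the style of the mysql driver. It only lists candidates; each hit still has to be traced by hand, as the steps describe, to decide whether the value is attacker-controlled and whether it is encoded for its context.

```javascript
// Added triage script for the three Part 1 searches (not part of the course
// page or any student project). Flags candidates only; a human still traces
// each one. requireLogin and db.query are assumed names for the sample.

// Constructed sample .hbs template: one safe insertion and three to examine.
const sampleHbs = [
  '<h1>{{title}}</h1>',                         // 1: body text, {{ }} escapes HTML
  '<div class="bio">{{{profile.bio}}}</div>',   // 2: triple-stash, raw HTML
  '<a href="{{profile.site}}">site</a>',        // 3: URL attribute, javascript: risk
  '<script>var user = "{{username}}";</script>',// 4: JS context, HTML escaping is wrong
].join('\n');

// Constructed sample Express route file in the style of a project 2 app.
const sampleJs = [
  "app.get('/search', (req, res) => {",
  `  db.query("SELECT * FROM posts WHERE title LIKE '%" + req.query.q + "%'", cb);`,
  '});',
  "app.post('/posts', requireLogin, (req, res) => {",
  "  db.query('INSERT INTO posts (title) VALUES (?)', [req.body.title], cb);",
  '});',
  "app.post('/posts/:id/delete', (req, res) => {",
  "  db.query(`DELETE FROM posts WHERE id = ${req.params.id}`, cb);",
  '});',
  "app.put('/posts/:id', requireLogin, (req, res) => {",
  "  db.query('UPDATE posts SET title = ? WHERE id = ?', [req.body.title, req.params.id], cb);",
  '});',
].join('\n');

// Step 1: {{{ }}} never escapes, and {{ }} only HTML-entity-escapes, which is
// not enough inside href/src/on* attributes or a <script> block.
const TRIPLE = /\{\{\{\s*([^}]+?)\s*\}\}\}/g;
const DOUBLE_IN_ATTR = /\b(href|src|on\w+)\s*=\s*"[^"]*(?<!\{)\{\{(?!\{)\s*([^}]+?)\s*\}\}/g;
const DOUBLE_IN_SCRIPT = /<script\b[^>]*>[^<]*(?<!\{)\{\{(?!\{)/;

function findTemplateRisks(hbsLines) {
  const hits = [];
  hbsLines.forEach((text, i) => {
    const line = i + 1;
    for (const m of text.matchAll(TRIPLE)) {
      hits.push({ line, expr: m[1], reason: 'triple-stash inserts raw HTML' });
    }
    for (const m of text.matchAll(DOUBLE_IN_ATTR)) {
      hits.push({ line, expr: m[2], reason: `{{ }} inside ${m[1]}= needs URL/attribute encoding` });
    }
    if (DOUBLE_IN_SCRIPT.test(text)) {
      hits.push({ line, expr: null, reason: '{{ }} inside <script> needs JS-string encoding' });
    }
  });
  return hits;
}

// Step 2: SQL text assembled with + or ${} instead of a ? placeholder plus a
// values array. Assumes upper-case SQL keywords, as in the sample.
const SQL_KEYWORD = /\b(SELECT|INSERT|UPDATE|DELETE)\b/;
const CONCAT = /["']\s*\+\s*[\w.$\[\]]+|[\w.$\[\]]+\s*\+\s*["']/;
const INTERP = /`[^`]*\$\{[^}]+\}[^`]*`/;

function findDynamicSql(jsLines) {
  const hits = [];
  jsLines.forEach((text, i) => {
    if (!SQL_KEYWORD.test(text)) return;
    if (CONCAT.test(text)) hits.push({ line: i + 1, reason: 'SQL built by string concatenation' });
    else if (INTERP.test(text)) hits.push({ line: i + 1, reason: 'SQL built by template-literal interpolation' });
  });
  return hits;
}

// Step 3: state-changing routes with no auth middleware in the handler chain,
// plus guarded routes keyed by :id, where login alone does not prove ownership.
const ROUTE = /\b(?:app|router)\.(post|put|patch|delete)\(\s*(['"])([^'"]+)\2\s*,(.*)$/;
const AUTH_GUARDS = ['requireLogin', 'ensureAuthenticated', 'isAuthenticated'];

function findUnguardedRoutes(jsLines) {
  const hits = [];
  jsLines.forEach((text, i) => {
    const m = text.match(ROUTE);
    if (!m) return;
    const [, method, , path, chain] = m;
    const route = `${method.toUpperCase()} ${path}`;
    if (!AUTH_GUARDS.some((g) => chain.includes(g))) {
      hits.push({ line: i + 1, route, reason: 'no authentication middleware in handler chain' });
    } else if (path.includes(':')) {
      hits.push({ line: i + 1, route, reason: 'authenticated, but handler must also check the user may modify this record' });
    }
  });
  return hits;
}

function reviewSources(hbsSource, jsSource) {
  const jsLines = jsSource.split('\n');
  return {
    xss: findTemplateRisks(hbsSource.split('\n')),
    sqli: findDynamicSql(jsLines),
    access: findUnguardedRoutes(jsLines),
  };
}

// Print the candidate list for the constructed samples.
for (const [category, hits] of Object.entries(reviewSources(sampleHbs, sampleJs))) {
  console.log(`== ${category}: ${hits.length} candidate(s) ==`);
  for (const h of hits) console.log(`  line ${h.line}: ${h.reason}`);
}
```

To use it on a real submission, read the .hbs and route files with fs and pass their text to reviewSources in place of the samples, and add the project's own login middleware name to AUTH_GUARDS. The regexes are deliberately simple: they miss SQL spread over several lines and guards applied with app.use, and they will flag a triple-stash that renders trusted, pre-sanitized HTML, which is exactly the kind of hit the tracing step is for.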

Part 2: Peer Discussion

Review your findings with your partner and confirm that each one is real by tracing the untrusted value from its source to the sink. Choose the two most significant issues to share, and decide who will present each.

Part 3: Presentation

Present your findings to the class. For each issue, show the vulnerable line, explain where the untrusted value comes from, and state what change would fix it.