mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
24 lines
900 B
Rust
24 lines
900 B
Rust
/// SQL injection — unsupported entry-kind fixture.
|
|
///
|
|
/// The vulnerable logic lives inside a struct method. The test creates a Diag
|
|
/// with an unsupported entry kind, so `HarnessSpec::from_finding` returns
|
|
/// `Err(UnsupportedReason::EntryKindUnsupported)`.
|
|
///
|
|
/// Expected verdict: Unsupported(EntryKindUnsupported)
|
|
/// Cap: SQL_QUERY
|
|
pub struct UserRepository;
|
|
|
|
impl UserRepository {
|
|
pub fn find_user(&self, name: &str) -> Vec<String> {
|
|
use rusqlite::Connection;
|
|
let conn = Connection::open_in_memory().expect("open db");
|
|
let query = format!("SELECT name FROM users WHERE name='{}'", name);
|
|
match conn.prepare(&query) {
|
|
Ok(mut stmt) => stmt
|
|
.query_map([], |row| row.get::<_, String>(0))
|
|
.map(|rows| rows.flatten().collect())
|
|
.unwrap_or_default(),
|
|
Err(_) => vec![],
|
|
}
|
|
}
|
|
}
|