Add Flask login handler (SQL injection via data flow)#7

Open
appsechq-brian wants to merge 3 commits into main from demo-sqli-data-flow

Conversation

@appsechq-brian
Collaborator

Summary

Adds login_handler.py — a Flask web layer that exposes authentication over HTTP.

Contains two SQL injection vulnerabilities where user-controlled input flows from HTTP request parameters directly into SQL query execution:

  • POST /login: request.form['username'] and request.form['password'] concatenated into SQL
  • GET /search: request.args['name'] concatenated into a LIKE query

Demo purpose

This PR demonstrates the delta scan catching a data flow SQL injection finding (CWE-89).

Unlike the MD5 findings in PR #6 (pattern-based — no source needed), SQL injection requires tracing a tainted source to a dangerous sink. Both source (request.form.get(...)) and sink (cursor.execute(...)) are in this single new file, giving the SAST engine the complete chain within the diff.

login_handler.py exposes user authentication over HTTP via Flask.
Contains two SQL injection vectors: POST /login and GET /search,
both feeding unsanitized request input directly into SQL queries.
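As an added example (not the PR's own file or its SAST engine), a minimal intra-procedural taint check in Python that approximates the source-to-sink chain described above: variables assigned from request.form / request.args are marked tainted, and any .execute() whose SQL-text argument is tainted is reported, while the parameterized form passes because the tainted values sit only in the parameter tuple. The sample handlers, and the request and cursor names inside them, are constructed stand-ins that mirror the PR description.

```python
import ast

def is_tainted(node, tainted):
    """True if node reads request.form / request.args or names a tainted variable."""
    for n in ast.walk(node):
        if isinstance(n, ast.Name) and n.id in tainted:
            return True
        if (isinstance(n, ast.Attribute) and n.attr in {"form", "args"}
                and isinstance(n.value, ast.Name) and n.value.id == "request"):
            return True
    return False

def find_sqli(src):
    """Return (function, line) for each .execute() whose SQL text is tainted."""
    findings = []
    for fn in ast.walk(ast.parse(src)):
        if not isinstance(fn, ast.FunctionDef):
            continue
        tainted = set()
        for stmt in fn.body:  # statements in source order
            for node in ast.walk(stmt):
                # Propagation: assigning from a source or a tainted name taints the target.
                if isinstance(node, ast.Assign) and is_tainted(node.value, tainted):
                    tainted |= {t.id for t in node.targets if isinstance(t, ast.Name)}
                # Sink: the first argument of .execute() is the SQL text. Tainted
                # data in the parameter tuple (second argument) is the safe pattern.
                if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                        and node.func.attr == "execute" and node.args
                        and is_tainted(node.args[0], tainted)):
                    findings.append((fn.name, node.lineno))
    return findings

# Constructed sample mirroring the PR description; not the PR's own file.
VULNERABLE = '''
def login():
    username = request.form["username"]
    password = request.form["password"]
    query = "SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "'"
    cursor.execute(query)
def search():
    name = request.args.get("name")
    cursor.execute(f"SELECT * FROM users WHERE name LIKE '%{name}%'")
'''
# Hardened counterpart: the same inputs, bound as parameters instead of concatenated.
FIXED = '''
def login():
    username = request.form.get("username")
    password = request.form.get("password")
    cursor.execute("SELECT * FROM users WHERE username = ? AND password = ?", (username, password))
'''
```

Running find_sqli over VULNERABLE reports both handlers; over FIXED it reports nothing, which is the distinction a data-flow rule draws between concatenated and parameterized queries.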