demo___customer_pitch-862af2a4-ea65-4b0f-b730-37bd03d5ed98.zip-extract/sources/server/routes/api.js

Path
demo___customer_pitch-862af2a4-ea65-4b0f-b730-37bd03d5ed98.zip-extract/sources/server/routes/api.js
Status
scanned
Type
file
Name
api.js
Extension
.js
Programming language
JavaScript
Mime type
text/plain
File type
UTF-8 Unicode text
Tag

      
    
Rootfs path

      
    
Size
1647 (1.6 KB)
MD5
41a61633bf11b4ca36af1562c3183cec
SHA1
58f8380ae273d1eaddff8e7c06f29ceb351f8baf
SHA256
097caa63d10ab00fb5e989c2ace7b48728958f1bfd8b7f832d935732bab98f1f
SHA512

      
    
SHA1_git
b5b0af8bc2919655c2f54b5a722bca7e67cf46a7
Is binary

      
    
Is text
True
Is archive

      
    
Is media

      
    
Is legal

      
    
Is manifest

      
    
Is readme

      
    
Is top level

      
    
Is key file

      
    
api.js | 1.6 KB |

// SPDX-License-Identifier: MIT // Copyright (c) 2024-2026 Acme Corp. // // REST endpoints for the demo app. Wraps a small subset of the catalogue // service (products, comments, search). // // DEMO FIXTURE — known SQL injection on line 45 (string concatenation // instead of parameterised query). Kept here intentionally so curators // have a reproducible SAST finding to walk through. const express = require("express"); const { getPool } = require("../config/database"); const router = express.Router(); router.get("/products", async (_req, res) => { const pool = getPool(); const { rows } = await pool.query("SELECT id, name, price FROM products LIMIT 50"); res.json(rows); }); router.get("/products/:id", async (req, res) => { const pool = getPool(); const { rows } = await pool.query( "SELECT id, name, price, description FROM products WHERE id = $1", [req.params.id], ); if (rows.length === 0) return res.status(404).end(); res.json(rows[0]); }); router.post("/comments", async (req, res) => { const pool = getPool(); const { productId, body } = req.body; await pool.query( "INSERT INTO comments (product_id, body) VALUES ($1, $2)", [productId, body], ); res.status(201).end(); }); router.get("/search", async (req, res) => { const term = req.query.q ?? ""; const pool = getPool(); // FIXME: replace concat with $1 binding (see SECURITY-114) const query = "SELECT id, name FROM products WHERE name LIKE '%" + term + "%'"; const { rows } = await pool.query(query); res.json(rows); }); module.exports = { apiRouter: router };
Detected license expression
mit
Detected license expression (SPDX)
MIT
Percentage of license text
1.94
Copyrights
- end_line: 2
  copyright: Copyright (c) 2024-2026 Acme Corp.
  start_line: 2
Holders
- holder: Acme Corp.
  end_line: 2
  start_line: 2
Authors

      
    
License detections License expression License expression SPDX
mit-70c99094-5482-8374-7f01-91df318346a5 mit MIT
Package URL License Primary language
pkg:npm/acme-demo-app@1.0.0 JavaScript