Forum Discussion
This is the updated function:
    exports.getDraft = async (req, res) => {
        // Reject anonymous callers before touching any data
        const loggedIn = await util.isLoggedIn(req);
        if (loggedIn !== true) {
            return res.status(401).send("Unauthorized");
        }
        try {
            const { id } = req.params;
            if (!id) {
                return res.status(500).send({ success: false });
            }
            // Resolve the caller from the session cookie and scope the lookup to their own drafts
            const author = await util.getIdByCookie(req.cookies.auth);
            const draft = await Question.findOne({ where: { id, author, draft: true } });
            return res.send({ success: true, data: draft });
        } catch (err) {
            console.log(err);
        }
        return res.status(500).send({ success: false });
    }
You could add a check if the id actually exists to your code, but that will not help to make your code pass.
All in all, for 100 points that's too much code. Try this:
    exports.getDraft = async (req, res) => {
        return res.status(401).send("Unauthorized");
    }
-> When testers fail to implement proper tests, the customer gets partially functional software. At least the tests are passed and the code can be shipped to production immediately.
- rfrymire69, 11 days ago, Bronze I
That didn't seem to help either. In the post above all the code existed except lines 2-5 and line 12 was moved from basically line 2 without my additions. The addition of author to line 13 should only pull back the drafts associated to the author. This seems to be the correct implementation based upon the requirements. Every test of the code returns insecure though.
Am I still reading too much into it?
1.) Identify the forced browsing vulnerability.
2.) Add an appropriate authorization check and send a 401 for unauthorized users in the getDraft function.
- netcat, 11 days ago, Bronze II
You read only the 1st half of the first sentence of my reply, didn't you? Continue with reading the rest, that will help.
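The forced-browsing issue the thread is about, as an added example that is not code from either poster: the unscoped draft lookup next to the author-scoped one, run against constructed in-memory stand-ins for util, Question and the session cookie (all assumptions, kept synchronous for brevity). The scoped variant answers 404 when the row is not the caller's; the thread's version returns data: null instead.

```javascript
// Added example, not code from the thread. util, Question and the
// session cookie are simplified synchronous stubs (assumptions).

// Constructed session table: cookie value -> user id
const SESSIONS = { 'cookie-alice': 1, 'cookie-bob': 2 };

// Constructed draft rows: id 10 belongs to alice, 11 to bob, 12 is published
const DRAFTS = [
  { id: 10, author: 1, draft: true, body: 'alice draft' },
  { id: 11, author: 2, draft: true, body: 'bob draft' },
  { id: 12, author: 1, draft: false, body: 'alice published' },
];

const util = {
  isLoggedIn: (req) => SESSIONS[req.cookies.auth] !== undefined,
  getIdByCookie: (cookie) => SESSIONS[cookie],
};

// Stand-in for Question.findOne({ where }): every key in `where` must match
const Question = {
  findOne: ({ where }) =>
    DRAFTS.find((row) => Object.keys(where).every((k) => row[k] === where[k])) || null,
};

// Captures status and body the way an Express response object would
function makeRes() {
  const res = { statusCode: 200, body: undefined };
  res.status = (code) => { res.statusCode = code; return res; };
  res.send = (body) => { res.body = body; return res; };
  return res;
}

// Forced-browsing variant: any logged-in user can read any draft by id
function getDraftInsecure(req, res) {
  if (!util.isLoggedIn(req)) return res.status(401).send('Unauthorized');
  const draft = Question.findOne({ where: { id: Number(req.params.id), draft: true } });
  return res.send({ success: true, data: draft });
}

// Scoped variant: the lookup is constrained to the caller's own drafts
function getDraftSecure(req, res) {
  if (!util.isLoggedIn(req)) return res.status(401).send('Unauthorized');
  const author = util.getIdByCookie(req.cookies.auth);
  const draft = Question.findOne({ where: { id: Number(req.params.id), author, draft: true } });
  if (!draft) return res.status(404).send({ success: false }); // not the caller's, or not a draft
  return res.send({ success: true, data: draft });
}

// Runs a handler as the user holding `cookie` against draft `id`
function request(handler, cookie, id) {
  const res = makeRes();
  handler({ cookies: { auth: cookie }, params: { id: String(id) } }, res);
  return res;
}
```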