From 3ae6e78b395532256a606d5401ca0eb75f6e8a6c Mon Sep 17 00:00:00 2001
From: Kretchen001 <83697846+Kretchen001@users.noreply.github.com>
Date: Tue, 21 May 2024 13:26:11 +0200
Subject: [PATCH 1/2] Body to Query change in Get-Methods
---
code/AmIVulnerable/AmIVulnerable/Controllers/DbController.cs | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/code/AmIVulnerable/AmIVulnerable/Controllers/DbController.cs b/code/AmIVulnerable/AmIVulnerable/Controllers/DbController.cs
index e34d8c6..1992986 100644
--- a/code/AmIVulnerable/AmIVulnerable/Controllers/DbController.cs
+++ b/code/AmIVulnerable/AmIVulnerable/Controllers/DbController.cs
@@ -198,7 +198,7 @@ public IActionResult GetFullTextCve([FromQuery] string? cve_number) {
/// Ok with result. NoContent if empty.
[HttpGet]
[Route("checkSinglePackage")]
- public IActionResult CheckSinglePackage([FromBody] PackageForApi packageName) {
+ public IActionResult CheckSinglePackage([FromQuery] PackageForApi packageName) {
if (!(this.Request.Headers.Accept.Equals("application/json") || this.Request.Headers.Accept.Equals("*/*"))) {
return StatusCode(406);
}
@@ -246,7 +246,7 @@ public IActionResult CheckSinglePackage([FromBody] PackageForApi packageName) {
/// OK, if exists. OK, if no package list searched. NoContent if not found.
[HttpGet]
[Route("checkPackageList")]
- public async Task CheckPackageListAsync([FromBody] List packages) {
+ public async Task CheckPackageListAsync([FromQuery] List packages) {
if (!(this.Request.Headers.Accept.Equals("application/json") || this.Request.Headers.Accept.Equals("*/*"))) {
return StatusCode(406);
}
From 6f855dd4ec31d0a4e16b01e2047173e94f0b04a6 Mon Sep 17 00:00:00 2001
From: Kretchen001 <83697846+Kretchen001@users.noreply.github.com>
Date: Tue, 21 May 2024 21:36:51 +0200
Subject: [PATCH 2/2] Change Query structure for swagger and [desc]
- List still uses body, it is callable from curl per bash, but not work in swagger
---
.../AmIVulnerable/Controllers/DbController.cs | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/code/AmIVulnerable/AmIVulnerable/Controllers/DbController.cs b/code/AmIVulnerable/AmIVulnerable/Controllers/DbController.cs
index 1992986..055f91f 100644
--- a/code/AmIVulnerable/AmIVulnerable/Controllers/DbController.cs
+++ b/code/AmIVulnerable/AmIVulnerable/Controllers/DbController.cs
@@ -198,13 +198,14 @@ public IActionResult GetFullTextCve([FromQuery] string? cve_number) {
/// Ok with result. NoContent if empty.
[HttpGet]
[Route("checkSinglePackage")]
- public IActionResult CheckSinglePackage([FromQuery] PackageForApi packageName) {
+ public IActionResult CheckSinglePackage([FromQuery] string PackageName,
+ [FromQuery] string? PackageVersion) {
if (!(this.Request.Headers.Accept.Equals("application/json") || this.Request.Headers.Accept.Equals("*/*"))) {
return StatusCode(406);
}
- using (Operation.Time($"Complete Time for Query-SingleSearch after Package \"{packageName}\"")) {
+ using (Operation.Time($"Complete Time for Query-SingleSearch after Package \"{PackageName}\"")) {
List results = [];
- DataTable dtResult = SearchInMySql(packageName.PackageName);
+ DataTable dtResult = SearchInMySql(PackageName);
// convert the result
foreach (DataRow x in dtResult.Rows) {
CveResult y = new CveResult() {
@@ -240,13 +241,14 @@ public IActionResult CheckSinglePackage([FromQuery] PackageForApi packageName) {
}
///
- /// Search for a list of packages
+ /// Search for a list of packages.
+ /// Not useable in swagger because of body - but curl works fine.
///
/// List of tuple: package, version
/// OK, if exists. OK, if no package list searched. NoContent if not found.
[HttpGet]
[Route("checkPackageList")]
- public async Task CheckPackageListAsync([FromQuery] List packages) {
+ public async Task CheckPackageListAsync([FromBody] List packages) {
if (!(this.Request.Headers.Accept.Equals("application/json") || this.Request.Headers.Accept.Equals("*/*"))) {
return StatusCode(406);
}