From 3ae6e78b395532256a606d5401ca0eb75f6e8a6c Mon Sep 17 00:00:00 2001 From: Kretchen001 <83697846+Kretchen001@users.noreply.github.com> Date: Tue, 21 May 2024 13:26:11 +0200 Subject: [PATCH 1/2] Body to Query change in Get-Methods --- code/AmIVulnerable/AmIVulnerable/Controllers/DbController.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code/AmIVulnerable/AmIVulnerable/Controllers/DbController.cs b/code/AmIVulnerable/AmIVulnerable/Controllers/DbController.cs index e34d8c6..1992986 100644 --- a/code/AmIVulnerable/AmIVulnerable/Controllers/DbController.cs +++ b/code/AmIVulnerable/AmIVulnerable/Controllers/DbController.cs @@ -198,7 +198,7 @@ public IActionResult GetFullTextCve([FromQuery] string? cve_number) { /// Ok with result. NoContent if empty. [HttpGet] [Route("checkSinglePackage")] - public IActionResult CheckSinglePackage([FromBody] PackageForApi packageName) { + public IActionResult CheckSinglePackage([FromQuery] PackageForApi packageName) { if (!(this.Request.Headers.Accept.Equals("application/json") || this.Request.Headers.Accept.Equals("*/*"))) { return StatusCode(406); } @@ -246,7 +246,7 @@ public IActionResult CheckSinglePackage([FromBody] PackageForApi packageName) { /// OK, if exists. OK, if no package list searched. NoContent if not found. [HttpGet] [Route("checkPackageList")] - public async Task CheckPackageListAsync([FromBody] List packages) { + public async Task CheckPackageListAsync([FromQuery] List packages) { if (!(this.Request.Headers.Accept.Equals("application/json") || this.Request.Headers.Accept.Equals("*/*"))) { return StatusCode(406); } From 6f855dd4ec31d0a4e16b01e2047173e94f0b04a6 Mon Sep 17 00:00:00 2001 
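Review bot: Switching `packageName` (and `packages` in the second hunk) from `[FromBody]` to `[FromQuery]` moves the caller's package data into the request URL, where web-server, proxy and client-side logs routinely record it. For a vulnerability-lookup service that data is presumably the caller's dependency inventory. This should be stated in the XML doc of both actions, e.g. `/// <remarks>Package data travels in the query string and may appear in access logs.</remarks>`. Both method bodies continue outside the hunks, so any input checks there are not visible here.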
From: Kretchen001 <83697846+Kretchen001@users.noreply.github.com> Date: Tue, 21 May 2024 21:36:51 +0200 Subject: [PATCH 2/2] Change Query structure for swagger and [desc] - List still uses body, it is callable from curl per bash, but not work in swagger --- .../AmIVulnerable/Controllers/DbController.cs | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/code/AmIVulnerable/AmIVulnerable/Controllers/DbController.cs b/code/AmIVulnerable/AmIVulnerable/Controllers/DbController.cs index 1992986..055f91f 100644 --- a/code/AmIVulnerable/AmIVulnerable/Controllers/DbController.cs +++ b/code/AmIVulnerable/AmIVulnerable/Controllers/DbController.cs @@ -198,13 +198,14 @@ public IActionResult GetFullTextCve([FromQuery] string? cve_number) { /// Ok with result. NoContent if empty. [HttpGet] [Route("checkSinglePackage")] - public IActionResult CheckSinglePackage([FromQuery] PackageForApi packageName) { + public IActionResult CheckSinglePackage([FromQuery] string PackageName, + [FromQuery] string? PackageVersion) { if (!(this.Request.Headers.Accept.Equals("application/json") || this.Request.Headers.Accept.Equals("*/*"))) { return StatusCode(406); } - using (Operation.Time($"Complete Time for Query-SingleSearch after Package \"{packageName}\"")) { + using (Operation.Time($"Complete Time for Query-SingleSearch after Package \"{PackageName}\"")) { List results = []; - DataTable dtResult = SearchInMySql(packageName.PackageName); + DataTable dtResult = SearchInMySql(PackageName); // convert the result foreach (DataRow x in dtResult.Rows) { CveResult y = new CveResult() { 
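Review bot: The timing label `Operation.Time($"… \"{PackageName}\"")` now interpolates a raw query-string value into what appears to be a log message template (if `Operation` is SerilogTimings, its first argument is a template). Braces or line breaks supplied in the request then become part of the template and the log line. Passing the value as a property avoids this: `Operation.Time("Complete Time for Query-SingleSearch after Package {PackageName}", PackageName)`. In addition, `PackageName` is declared non-nullable but there is no visible empty check before `SearchInMySql(PackageName)`, and `PackageVersion` is not used in the lines shown. The method body and `SearchInMySql` lie outside the hunk, so it is worth confirming that the query binds this value as a parameter rather than concatenating it.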
@@ -240,13 +241,14 @@ public IActionResult CheckSinglePackage([FromQuery] PackageForApi packageName) { } /// - /// Search for a list of packages + /// Search for a list of packages. + /// Not useable in swagger because of body - but curl works fine. /// /// List of tuple: package, version /// OK, if exists. OK, if no package list searched. NoContent if not found. [HttpGet] [Route("checkPackageList")] - public async Task CheckPackageListAsync([FromQuery] List packages) { + public async Task CheckPackageListAsync([FromBody] List packages) { if (!(this.Request.Headers.Accept.Equals("application/json") || this.Request.Headers.Accept.Equals("*/*"))) { return StatusCode(406); }
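Review bot: `CheckPackageListAsync` stays on `[HttpGet]` while reading `[FromBody]`, and a body on a GET request has no defined semantics. Clients, caches and request-inspection layers may drop or ignore it, which is also why the new doc line has to say Swagger cannot call the route. Changing the attribute to `[HttpPost]` above `[Route("checkPackageList")]` keeps the body and makes the endpoint usable from Swagger. Since each list entry presumably triggers a database search, a documented upper bound on `packages.Count` would also be worth adding. The method body continues outside the hunk, so existing null or size handling is not visible here.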