Implement security fixes for identified vulnerabilities

SECURITY.md

@@ -2,8 +2,7 @@
 
 ## Supported Versions
 
-Use this section to tell people about which versions of your project are
-currently being supported with security updates.
+We are committed to maintaining the security of our application. Below are the versions of our project that are currently being supported with security updates:
 
 | Version | Supported          |
 | ------- | ------------------ |
@@ -14,8 +13,10 @@ currently being supported with security updates.
 
 ## Reporting a Vulnerability
 
-Use this section to tell people how to report a vulnerability.
+We take the security of our application seriously. If you have discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.
 
-Tell them where to go, how often they can expect to get an update on a
-reported vulnerability, what to expect if the vulnerability is accepted or
-declined, etc.
+Please report any security vulnerabilities by emailing us at [email protected]. We aim to assess and address any reported vulnerabilities within one week. If the issue is confirmed, we will release a patch as soon as possible depending on the complexity of the fix.
+
+We will acknowledge receipt of your vulnerability report, keep you informed about our progress throughout the investigation process, and may request additional information or guidance.
+
+If the reported vulnerability is accepted, we will publicly acknowledge your contribution in our release notes, unless you request otherwise.

app.js

@@ -8,6 +8,7 @@ var logger = require('morgan');
 var cookieParser = require('cookie-parser');
 var bodyParser = require('body-parser');
 var log4js = require("log4js");
+var csrf = require('csurf'); // Added for CSRF protection
 
 var init_db = require('./model/init_db');
 var login = require('./routes/login');
@@ -41,12 +42,14 @@ app.use(bodyParser.urlencoded({ extended: true }));
 app.use(cookieParser());
 app.use(express.static(path.join(__dirname, 'public')));
 app.use(session({
-  secret: 'ñasddfilhpaf78h78032h780g780fg780asg780dsbovncubuyvqy',
+  secret: process.env.SESSION_SECRET, // Modified to use environment variable for secret
   cookie: {
-    secure: false,
-    maxAge: 99999999999
+    secure: true, // Modified to enable secure cookies
+    httpOnly: true, // Added to prevent client-side script access to the cookie
+    maxAge: 3600000 // Modified maxAge for cookie expiration
   }
 }));
+app.use(csrf()); // Added CSRF middleware
 
 /*
  * Routes config

model/auth.js

@@ -4,9 +4,10 @@ var config = require("../config"),
 function do_auth(username, password) {
     var db = pgp(config.db.connectionString);
 
-    var q = "SELECT * FROM users WHERE name = '" + username + "' AND password ='" + password + "';";
+    // Using parameterized query to prevent SQL Injection
+    var q = "SELECT * FROM users WHERE name = $1 AND password = $2;";
 
-    return db.one(q);
+    return db.one(q, [username, password]);
 }
 
-module.exports = do_auth;
+module.exports = do_auth;

model/products.js

@@ -10,43 +10,31 @@ function list_products() {
 }
 
 function getProduct(product_id) {
+    // Using parameterized query to prevent SQL Injection
+    var q = "SELECT * FROM products WHERE id = $1;";
 
-    var q = "SELECT * FROM products WHERE id = '" + product_id + "';";
-
-    return db.one(q);
+    return db.one(q, [product_id]);
 }
 
 function search(query) {
+    // Using parameterized query to prevent SQL Injection
+    var q = "SELECT * FROM products WHERE name ILIKE $1 OR description ILIKE $1;";
 
-    var q = "SELECT * FROM products WHERE name ILIKE '%" + query + "%' OR description ILIKE '%" + query + "%';";
-
-    return db.many(q);
-
+    return db.many(q, ['%' + query + '%']);
 }
 
 function purchase(cart) {
+    // Using parameterized query to prevent SQL Injection
+    var q = "INSERT INTO purchases(mail, product_name, user_name, product_id, address, phone, ship_date, price) VALUES($1, $2, $3, $4, $5, $6, $7, $8);";
 
-    var q = "INSERT INTO purchases(mail, product_name, user_name, product_id, address, phone, ship_date, price) VALUES('" +
-            cart.mail + "', '" +
-            cart.product_name + "', '" +
-            cart.username + "', '" +
-            cart.product_id + "', '" +
-            cart.address + "', '" +
-            cart.ship_date + "', '" +
-            cart.phone + "', '" +
-            cart.price +
-            "');";
-
-    return db.one(q);
-
+    return db.one(q, [cart.mail, cart.product_name, cart.username, cart.product_id, cart.address, cart.phone, cart.ship_date, cart.price]);
 }
 
 function get_purcharsed(username) {
+    // Using parameterized query to prevent SQL Injection
+    var q = "SELECT * FROM purchases WHERE user_name = $1;";
 
-    var q = "SELECT * FROM purchases WHERE user_name = '" + username + "';";
-
-    return db.many(q);
-
+    return db.many(q, [username]);
 }
 
 var actions = {