From 04472148a13bfef7dc527b5892145c3a2ba782f3 Mon Sep 17 00:00:00 2001
From: geokar01
Date: Thu, 4 Dec 2025 10:52:52 +0200
Subject: [PATCH] Update BlindSQLInjectionVulnerability.java fix(security)
---
 .../BlindSQLInjectionVulnerability.java | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/main/java/org/sasanlabs/service/vulnerability/sqlInjection/BlindSQLInjectionVulnerability.java b/src/main/java/org/sasanlabs/service/vulnerability/sqlInjection/BlindSQLInjectionVulnerability.java
index 45bb82e4..c3857adf 100644
--- a/src/main/java/org/sasanlabs/service/vulnerability/sqlInjection/BlindSQLInjectionVulnerability.java
+++ b/src/main/java/org/sasanlabs/service/vulnerability/sqlInjection/BlindSQLInjectionVulnerability.java
@@ -49,8 +49,11 @@ public ResponseEntity getCarInformationLevel1(
 @RequestParam Map queryParams) {
 String id = queryParams.get(Constants.ID);
 BodyBuilder bodyBuilder = ResponseEntity.status(HttpStatus.OK);
+
+ // Use parameterized query to avoid SQL injection and select only needed column(s)
 return applicationJdbcTemplate.query(
- "select * from cars where id=" + id,
+ "SELECT id FROM cars WHERE id = ?",
+ new Object[] {id},
 (rs) -> {
 if (rs.next()) {
 return bodyBuilder.body(CAR_IS_PRESENT_RESPONSE);
@@ -72,9 +75,11 @@ public ResponseEntity getCarInformationLevel2(
 @RequestParam Map queryParams) {
 String id = queryParams.get(Constants.ID);
 BodyBuilder bodyBuilder = ResponseEntity.status(HttpStatus.OK);
- bodyBuilder.body(ErrorBasedSQLInjectionVulnerability.CAR_IS_NOT_PRESENT_RESPONSE);
+
+ // Parameterized query (even if originally wrapped with quotes)
 return applicationJdbcTemplate.query(
- "select * from cars where id='" + id + "'",
+ "SELECT id FROM cars WHERE id = ?",
+ new Object[] {id},
 (rs) -> {
 if (rs.next()) {
 return bodyBuilder.body(CAR_IS_PRESENT_RESPONSE);
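Review bot: `new Object[] {id}` binds the raw query-string value as a String with no validation, and the pre-change queries compare it unquoted here but quoted in Level 2, so the column's type is not clear from the hunk; if `cars.id` is numeric, drivers that do not implicitly cast (PostgreSQL, for one) will reject `integer = varchar` on the bound parameter. Validating before the value reaches the template, e.g. `if (id == null || !id.matches("\\d+")) { return bodyBuilder.body(ErrorBasedSQLInjectionVulnerability.CAR_IS_NOT_PRESENT_RESPONSE); }` if the column is numeric, keeps malformed input out of the database entirely. The three-argument `query(String, Object[], ResultSetExtractor)` overload is deprecated from Spring 5.3 in favour of the varargs form `query("SELECT id FROM cars WHERE id = ?", rs -> { … }, id)`, if the project is on that line. The package path `service/vulnerability/sqlInjection/…Vulnerability.java` suggests these levels are deliberate training targets, so confirm with the maintainers that hardening Level 1 and Level 2 is intended rather than a regression of the lab's purpose. The extractor lambda and the method body continue past the hunk.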
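Review bot: The added comment `// Parameterized query (even if originally wrapped with quotes)` describes the diff rather than the code and becomes noise once the history is gone; `// Bind id as a parameter so the driver handles quoting and escaping` says what a future reader needs. After this change Level 1 and Level 2 run the identical statement, argument array and extractor, so a private helper along the lines of `private ResponseEntity carPresent(String id, BodyBuilder bodyBuilder)` would remove the duplication, provided the extractor tails outside the hunk match as well. The String-versus-numeric binding and deprecated-overload remarks on the Level 1 hunk apply here unchanged.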
@@ -92,9 +97,10 @@ public ResponseEntity getCarInformationLevel3(
 @RequestParam Map queryParams) {
 String id = queryParams.get(Constants.ID);
 BodyBuilder bodyBuilder = ResponseEntity.status(HttpStatus.OK);
- bodyBuilder.body(ErrorBasedSQLInjectionVulnerability.CAR_IS_NOT_PRESENT_RESPONSE);
+
+ // Prepared statement with parameter; select specific column(s) instead of '*'
 return applicationJdbcTemplate.query(
- (conn) -> conn.prepareStatement("select * from cars where id=?"),
+ (conn) -> conn.prepareStatement("SELECT id FROM cars WHERE id = ?"),
 (prepareStatement) -> {
 prepareStatement.setString(1, id);
 },
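Review bot: The added comment `// Prepared statement with parameter; select specific column(s) instead of '*'` restates what the next two lines already show and is better dropped or turned into a why, e.g. `// Only existence is checked, so no column data is needed`. Since the sibling levels' extractors only call `rs.next()`, `SELECT 1 FROM cars WHERE id = ?` would state the existence check more directly than `SELECT id` — assuming Level 3's extractor, which lies outside the hunk, does the same. The pre-existing `prepareStatement.setString(1, id)` binding is untouched, so the column-type remark on the Level 1 hunk applies to this level too.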