Sql injection user userid test

[David-Prism]

SQL injection A malicious user can do damage to a SQL database with SQL injection. In this case, the actor would make a PUT request to the users/{user_id} endpoint, which might, for example, delete all of that user's data.

Testing:

-To see it in action, go here:

• create a test user to run the post request on it - just in case the user doesn't currently exist in the db
• read the created userId
• update the user with the above userId with this SQL injection input: 'oops'); DELETE FROM users WHERE userId = ${{steps.userId.outputs.prop}}; --
• read the output of PUT request
• show the id of created task
• making sure that the SQL injection statement wasn't successfully injected. get the user with above userId
• read the output of GET request
• show the retrieved userId

Time spent on this task:

DATE	ACTIVITY	TIME
02/22	Group coding with Farhad and Jenny	2.5 hr
02/24	Created an issue for the task	0.25 hr
02/24	Researched SQL injection	1 hr
02/28	Debugging (Python, VS Code, environment variables, etc)	2 hr
03/04	Worked with Farhad to finish the task	2 hr

[David-Prism]

I'm embarrassed to admit, I don't know how this is a "temporary" version of the repo. I thought this is just the same NSC repo we've all been working on/from...