adrianhajdin / project_e_commerce

This is a code repository for the corresponding video tutorial. In this video, we're going to build a fully functional eCommerce application using commerce.js.
https://jsmastery.pro
1.88k stars 504 forks

Parameter manipulation vulnerability #74

Open vanFrZy opened 1 year ago

vanFrZy commented 1 year ago

In the following code snippet, the parameter quantity is unchecked, meaning an attacker can inject a negative quantity into the request. This results in the cart being updated with a negative value, which can be seen in the picture below.

  // Unchecked: whatever `quantity` the caller supplies is passed straight
  // through to the commerce.js cart API.
  const handleAddToCart = async (productId, quantity) => {
    const item = await commerce.cart.add(productId, quantity);
    setCart(item.cart);
  };

image

A simple fix could be:

  const handleAddToCart = async (productId, quantity) => {
    if (quantity > 0) {
      const item = await commerce.cart.add(productId, quantity);
      setCart(item.cart);
    } else {
      // Reject the request instead of sending it to the API.
      throw new Error(`Invalid quantity: ${quantity}`);
    }
  };
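The following is an added example, not code from the project_e_commerce repository or from the issue author. It places the unchecked handler next to a stricter one and runs both against a small in-memory stand-in for `commerce.cart.add` (constructed here so the block runs offline; it is synchronous and is not the real commerce.js client). The limit `MAX_LINE_QUANTITY`, the `InvalidQuantityError` class and the product id `prod_1` are assumptions made for the example. It also goes beyond the `quantity > 0` check above: `1.5`, the string `"5"`, `NaN` and absurdly large values all pass that comparison, so the check here requires a finite integer within a business limit.

```javascript
// Added example, not code from the project_e_commerce repository.
// It pairs the unchecked handler from the issue with a hardened one and runs both
// against an in-memory stand-in for commerce.cart.add (constructed here so the
// block runs offline; it is not the real commerce.js client). MAX_LINE_QUANTITY,
// InvalidQuantityError and the product id 'prod_1' are assumptions for this example.

const MAX_LINE_QUANTITY = 99; // assumed per-line business limit

// Stand-in for commerce.cart: it does no validation, which is the behaviour the
// issue reports, so a negative quantity simply subtracts from the line item.
function makeFakeCart() {
  const lineItems = new Map(); // productId -> quantity
  return {
    add(productId, quantity) {
      lineItems.set(productId, (lineItems.get(productId) ?? 0) + quantity);
      return { cart: { line_items: Object.fromEntries(lineItems) } };
    },
    get(productId) {
      return lineItems.get(productId) ?? 0;
    },
  };
}

// Unchecked handler, as in the issue: whatever the caller passes reaches the API.
function uncheckedAddToCart(cart, productId, quantity) {
  return cart.add(productId, quantity).cart;
}

// Returns null when `raw` is an acceptable quantity, otherwise a reason string.
// `quantity > 0` alone lets through 1.5, the string "5" and 1e9; this rejects them.
function checkQuantity(raw) {
  if (typeof raw !== 'number' || !Number.isFinite(raw)) {
    return `quantity must be a finite number, got ${String(raw)}`;
  }
  if (!Number.isInteger(raw)) {
    return `quantity must be a whole number, got ${raw}`;
  }
  if (raw < 1 || raw > MAX_LINE_QUANTITY) {
    return `quantity must be between 1 and ${MAX_LINE_QUANTITY}, got ${raw}`;
  }
  return null;
}

class InvalidQuantityError extends Error {}

// Hardened handler: validate before the request is built, and fail loudly so the
// UI can surface the error instead of silently updating cart state.
function checkedAddToCart(cart, productId, quantity) {
  const reason = checkQuantity(quantity);
  if (reason !== null) throw new InvalidQuantityError(reason);
  return cart.add(productId, quantity).cart;
}

// Replays the issue's scenario: two units added, then a negative "add" from an
// attacker-controlled request. Returns the resulting line quantity under each handler.
function demo() {
  const vulnerable = makeFakeCart();
  uncheckedAddToCart(vulnerable, 'prod_1', 2);
  const afterAttack = uncheckedAddToCart(vulnerable, 'prod_1', -5);

  const hardened = makeFakeCart();
  checkedAddToCart(hardened, 'prod_1', 2);
  let attackRejected = false;
  try {
    checkedAddToCart(hardened, 'prod_1', -5);
  } catch (e) {
    attackRejected = e instanceof InvalidQuantityError;
  }

  return {
    uncheckedQuantity: afterAttack.line_items.prod_1, // -3: the cart went negative
    hardenedQuantity: hardened.get('prod_1'),         // 2: the negative add never reached the cart
    attackRejected,                                   // true
  };
}
```

Because this runs in the browser, an attacker who crafts the request directly skips it entirely; the check stops accidental bad input and gives users a clear error, while the cart service itself still has to reject negative or non-integer quantities for the fix to hold against a hostile client.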