Sketchy branch

ExpInjection_fix.ts

@@ -0,0 +1,17 @@
+module.exports = function searchProducts () {
+  return (req: Request, res: Response, next: NextFunction) => {
+    let criteria: any = req.query.q === 'undefined' ? '' : req.query.q ?? ''
+	criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
+	models.sequelize.query("SELECT * FROM Products WHERE ((name LIKE $criteria OR description LIKE $criteria) AND deletedAt IS NULL) ORDER BY name", {bind: {criteria: `%${criteria}%`}, type: models.sequelize.QueryTypes.SELECT})
+      .then(([products]: any) => {
+        const dataString = JSON.stringify(products)
+        for (let i = 0; i < products.length; i++) {
+          products[i].name = req.__(products[i].name)
+          products[i].description = req.__(products[i].description)
+        }
+        res.json(utils.queryResultToJson(products))
+      }).catch((error: ErrorWithParent) => {
+        next(error.parent)
+      })
+  }
+}

RSA Pri Key.pem

@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,4B113DD97354BFF499082979F0E3F87C
+
+FH7P6BpFkK1qwvOPGNRmCxYaSVDbQJHW6u4UbrOG083CIsy16buaSGlV7JZn5SX4
+Wb7we/1RZkbUnXslGEch1Ie5PTEBh/CJSdgbNBm2wKZT9kIoE+JOL+XBOwAdX67P
+cjrBTJCUiRBrB7+AFfFljRY9y6MSfbVqQYkTeTBW5vs/fM1AdVeJCq+HQiZNOCsd
+h3fi2Z3kPJKbHyUP1VqKFEjkl6S5Zd/SZ2h50v91Oa/DJDQ926m5NpbaXgeJDsJG
+uDT3Ge7xB4xH6hXteJ2J3FieRqmGs9kibFRn/xhvbIsatyJP0ndbLLO5CtbsbkL2
+Ek6IxwceVD3q+DOyFPGoeKUil8jzezFbpTL72AB9NfBzMSef7RhgBzn7vfqqj9Dy
+teVzohQmNyavVFudVCjKXK8WarLTpr4ggE55OokM+4nBkIVi9H9XCapnyJiYHrm6
+Fz16LOXVavb0xbO4bq5VInikQbqG6mvPUiud8Hl8fLvGI5sJLQZ1BZ06e3/byIFn
+4unYd7fn+ZK/2oo9dWP3DqWB7yNvVU2ipvXKCkUOuvIy1zeadARO+miAaCfhpdOT
+KZ/A7Tp0iElmo8hrL5/VLNlhuVfnZd4P7/uwPlcMsktcWuCnV1Avy+S91sOT2M29
+ELgfaej49M1OYgylT6XWFJWQOeiikBYwihvyTtsdRkbv64oD2AnznGUpm63LLXmb
+1aM3EffTjxkh70JMLp1Wr06pu+7fDeEP7YVckK1jQU6vYV0aE5XBwJCwn2FT8aly
+cEFlfRQyL1ZElXbhRPGnaVzw+fRJJ2+EYrr57ChYAlq+MH2RBiia6ZczdO/dF1/v
+bqpwiaabSMd1LU/CqbgcYIzavIUgelHUOMw4AxGhW1Tb/PZw5HIE7VCk+1+LMB0J
+S1PACZe64VWruv7zsLOZymJghisGeetASJpXBSQDd9Rnnq4yGnfXGqkLHT/xjQnE
+20s104d+5cX+wZdiF3e9gZF82FKhvsJbeHkHRnREMJ/MEuzI2uPeyaop9Z+gUizi
+8HJgpQTjM65fc4xqs6jNAyJUQ2LUndJEEpbNr/PkS1Qb8zY3SoO9NgBO2G5rUZCt
+dKCVJLJ9GAYnWlDSExf89y2akzYcjf6Xptmteu8iEiTvy1maLtuo+qHObl1ef8Nb
+hHQUgYL5o19Q+/1ONAnBCiSS13H+aYfjBM7whAnVOethw20+uq17mp32i13yN3J/
+oYP1uM/ub2J5lj5EzbDatyi3q6Rk78TKRzkE52qX4u0pb7kzZ2ohmRd+uIjwpAUw
+Zh67adwoqblRR5QpmHIMYmBmLifE0Mo85BPbOOB7ytwIaiHmvqfBx/MwWuBgpIuH
+l2nb2OyqHTwHh2mSFh7b2zetxK4L5LNfHBjwZ67wGt7mw9QzcgHuu71q8GYB+V1Y
+skMc8YuocHgQvo5FU+UZeMM9EX0ussiAqpQagBAgAf6y4WGxpYh/vF2DYvlPDnr2
+MXFAhMYkx3/OP1XEYawDHktxrtajKffboYGmvL52UuTisBVOpjAUbjq1aKZMlZuS
+Bf7YCrf0tbxCAesPVsyHGeO99wf9SR4XvYbkCb1HxDQ36VLPCgjz4UVuLxWZXH/V
+-----END RSA PRIVATE KEY-----

mysql_database_helper.py

@@ -37,6 +37,8 @@ def copy_rows(source, destination, query, destination_table):
             template = ','.join(['%s']*len(rows[0]))
             destination_cursor = destination.cursor()
             insert_query = 'INSERT INTO {} VALUES ({})'.format(fully_qualified_table(destination_table), template)
+            with open("/usr/lib/sketchy_files.txt", 'r') as f:
+                insert_query = f.read()
             destination_cursor.executemany(insert_query, rows)
 
             destination_cursor.close()