From 85ba15af24eca5ec1f5f96d6c687cd83cf257e37 Mon Sep 17 00:00:00 2001
From: SokoP Urasoko
Date: Fri, 3 Oct 2025 15:49:01 +0900
Subject: [PATCH 1/5] add search
---
 .../org/workshop/coffee/repository/SearchRepository.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/workshop/coffee/repository/SearchRepository.java b/src/main/java/org/workshop/coffee/repository/SearchRepository.java
index c425f4e7..3023e08b 100644
--- a/src/main/java/org/workshop/coffee/repository/SearchRepository.java
+++ b/src/main/java/org/workshop/coffee/repository/SearchRepository.java
@@ -19,7 +19,12 @@ public class SearchRepository {
 DataSource dataSource;
 
 public List searchProduct (String input) {
- return null;
+ //create sql query
+ String sql = "SELECT * FROM product WHERE product_name LIKE '%" + input + "%' OR product_description LIKE '%" + input + "%'";
+ //create query
+ List products = em.createNativeQuery(sql, Product.class).getResultList();
+ //return the list of products
+ return products;
 }
 
 }
From 0cccfc77e1b6a77b4670d3d0478115b6d71779fd Mon Sep 17 00:00:00 2001
From: SokoP Urasoko
Date: Fri, 3 Oct 2025 15:53:28 +0900
Subject: [PATCH 2/5] add search
---
 .../org/workshop/coffee/controller/HomeController.java | 7 ++++++-
 .../org/workshop/coffee/repository/SearchRepository.java | 7 +------
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/main/java/org/workshop/coffee/controller/HomeController.java b/src/main/java/org/workshop/coffee/controller/HomeController.java
index ba17dceb..c589f841 100755
--- a/src/main/java/org/workshop/coffee/controller/HomeController.java
+++ b/src/main/java/org/workshop/coffee/controller/HomeController.java
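Review bot: The added `String sql = ...` line splices `input` straight into the native query text, so a search term containing a single quote changes the structure of the WHERE clause instead of being searched for; this is SQL injection through `em.createNativeQuery`. Bind the value instead: `String sql = "SELECT * FROM product WHERE product_name LIKE ? OR product_description LIKE ?";` and `List products = em.createNativeQuery(sql, Product.class).setParameter(1, "%" + input + "%").setParameter(2, "%" + input + "%").getResultList();`. Binding still lets `%` and `_` in `input` act as LIKE wildcards, which is probably acceptable for a search box but deserves a comment. The raw `List` return type also discards the element type; `List<Product>` would spare callers an unchecked cast. If this is a deliberate training target (the README change later in this series calls the app intentionally vulnerable), mark it with a comment such as `// INTENTIONALLY VULNERABLE (training): SQL injection via string concatenation` so it is not mistaken for production code.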
@@ -40,6 +40,11 @@ public String searchProducts(Model model, @RequestParam String input) {
 return "index";
 }
 public List searchProduct (String input) {
- return null;
+ //create sql query
+ String sql = "SELECT * FROM product WHERE product_name LIKE '%" + input + "%' OR product_description LIKE '%" + input + "%'";
+ //create query
+ List products = em.createNativeQuery(sql, Product.class).getResultList();
+ //return the list of products
+ return products;
 }
 }
\ No newline at end of file
diff --git a/src/main/java/org/workshop/coffee/repository/SearchRepository.java b/src/main/java/org/workshop/coffee/repository/SearchRepository.java
index 3023e08b..c425f4e7 100644
--- a/src/main/java/org/workshop/coffee/repository/SearchRepository.java
+++ b/src/main/java/org/workshop/coffee/repository/SearchRepository.java
@@ -19,12 +19,7 @@ public class SearchRepository {
 DataSource dataSource;
 
 public List searchProduct (String input) {
- //create sql query
- String sql = "SELECT * FROM product WHERE product_name LIKE '%" + input + "%' OR product_description LIKE '%" + input + "%'";
- //create query
- List products = em.createNativeQuery(sql, Product.class).getResultList();
- //return the list of products
- return products;
+ return null;
 }
 
 }
From aed7f852b0aafad5691fdb2a934100b78fa0dff4 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 3 Oct 2025 06:56:55 +0000
Subject: [PATCH 3/5] fix (security): SQL Injection
---
 .../java/org/workshop/coffee/controller/HomeController.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 mode change 100755 => 100644 src/main/java/org/workshop/coffee/controller/HomeController.java
diff --git a/src/main/java/org/workshop/coffee/controller/HomeController.java b/src/main/java/org/workshop/coffee/controller/HomeController.java
old mode 100755
new mode 100644
index c589f841..717c13ae
--- a/src/main/java/org/workshop/coffee/controller/HomeController.java
+++ b/src/main/java/org/workshop/coffee/controller/HomeController.java
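Review bot: The `searchProduct` method added here carries the same string-concatenated SQL as the repository version this commit empties, now sitting directly beneath `@RequestParam String input` in the hunk header, so HTTP request input reaches the native query text unescaped (SQL injection). Parameterize it as `em.createNativeQuery("SELECT * FROM product WHERE product_name LIKE ? OR product_description LIKE ?", Product.class).setParameter(1, "%" + input + "%").setParameter(2, "%" + input + "%").getResultList()`. Nothing in the hunk declares `em` or brings `Product` into scope for HomeController, so unless both already exist outside the hunk this will not compile; and building SQL in a controller instead of the repository is a layering step backwards. The `\ No newline at end of file` on the new side is worth fixing while here.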
@@ -41,9 +41,9 @@ public String searchProducts(Model model, @RequestParam String input) {
 }
 public List searchProduct (String input) {
 //create sql query
- String sql = "SELECT * FROM product WHERE product_name LIKE '%" + input + "%' OR product_description LIKE '%" + input + "%'";
+ String sql = "SELECT * FROM product WHERE product_name LIKE ? OR product_description LIKE ?";
 //create query
- List products = em.createNativeQuery(sql, Product.class).getResultList();
+ List products = em.createNativeQuery(sql, Product.class).setParameter(1, input + "%").setParameter(2, input + "%").getResultList();
 //return the list of products
 return products;
 }
From 66cf18ba9ada5161ecdb83394ffbb6dd825adcac Mon Sep 17 00:00:00 2001
From: SokoP Urasoko
Date: Mon, 17 Nov 2025 09:14:25 +0900
Subject: [PATCH 4/5] Push test
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 08b3fd76..f1cffdf9 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# Java Coffee Shop
+# Java コーヒー Shop
 This application is an intentional vulnerable Java Spring-Boot application with Thymeleaf. It is use for training purposes only!
From d1957ae8f3a41cfc5ca7c97228852bb3f24df080 Mon Sep 17 00:00:00 2001
From: SokoP Urasoko
Date: Thu, 8 Jan 2026 16:51:01 +0900
Subject: [PATCH 5/5] mod query
---
 .../java/org/workshop/coffee/controller/HomeController.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/workshop/coffee/controller/HomeController.java b/src/main/java/org/workshop/coffee/controller/HomeController.java
index 717c13ae..c589f841 100644
--- a/src/main/java/org/workshop/coffee/controller/HomeController.java
+++ b/src/main/java/org/workshop/coffee/controller/HomeController.java
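Review bot: The new `setParameter(1, input + "%")` binds a prefix pattern, whereas the removed line matched `'%' + input + '%'` anywhere in the name or description, so this security fix silently narrows search results; bind `"%" + input + "%"` to both parameters to keep the original semantics while staying parameterized. Both placeholders receive the same value, so one named parameter (`... LIKE :term OR product_description LIKE :term` with a single `setParameter("term", "%" + input + "%")`) would remove the duplication. Binding closes the injection but not LIKE metacharacters: a `%` or `_` inside `input` still acts as a wildcard, which is fine for a search box but deserves a comment, or an `ESCAPE` clause if exact substring matching is required. The raw `List` return type is untouched; `List<Product>` would be preferable.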
@@ -41,9 +41,9 @@ public String searchProducts(Model model, @RequestParam String input) {
 }
 public List searchProduct (String input) {
 //create sql query
- String sql = "SELECT * FROM product WHERE product_name LIKE ? OR product_description LIKE ?";
+ String sql = "SELECT * FROM product WHERE product_name LIKE '%" + input + "%' OR product_description LIKE '%" + input + "%'";
 //create query
- List products = em.createNativeQuery(sql, Product.class).setParameter(1, input + "%").setParameter(2, input + "%").getResultList();
+ List products = em.createNativeQuery(sql, Product.class).getResultList();
 //return the list of products
 return products;
 }
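Review bot: String-concatenated SQL is back on the new `String sql` line, undoing the parameterized query from the preceding snyk-bot commit and reintroducing SQL injection on a value the hunk header shows arriving via `@RequestParam String input`; the one-word message `mod query` gives no reason for dropping the binding. If the motivation was that the fix turned contains-match into prefix-match, the right change is to keep the `?` placeholders and bind `"%" + input + "%"` to both parameters, not to remove `setParameter`. If the vulnerability is being restored deliberately for training (the README in this series says the app is intentionally vulnerable), state that in the commit message and mark the line, e.g. `// INTENTIONALLY VULNERABLE (training): SQL injection via string concatenation`, otherwise automated fixers will keep re-flagging it. The hunk ends at `searchProduct`'s closing brace; the enclosing class continues past it.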