CVE-2020-13xxx
This challenge covers the review of a CVE and its patch.
In the Code Review Patch challenges, you are presented with a piece of vulnerable code alongside its corresponding patch. The goal is to identify the security flaw in the code before examining the patch. This exercise helps you improve your code review skills by focusing on finding vulnerabilities without relying on solutions. If you struggle to identify the issue or need confirmation, the patch (diff file) is available for reference.
One example provided is from the CubeService.java file, where an SQL query is vulnerable to SQL injection. The original code directly concatenated user input into the SQL query string, creating a potential security flaw. The patch fixes this vulnerability by using a parameterized query, which prevents SQL injection attacks. This kind of hands-on practice is essential for understanding and mitigating real-world security risks in code.
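To make the before/after contrast concrete, here is an added example (not code from the page or from the project behind CubeService.java) that reproduces the same two patterns in Python with an in-memory SQLite database instead of the challenge's Java/JDBC code. The table name, rows and inputs are constructed for the demonstration; the point is that the concatenated query lets a single quote in the input change the query's structure, while the parameterized query treats the same input purely as a value.

```python
import sqlite3

# Constructed sample data: a small table standing in for whatever metadata
# the challenge's query reads. Names and values are made up for this example.
SAMPLE_ROWS = [
    ("sales_cube", "analytics", "READY"),
    ("hr_cube", "people", "READY"),
    ("archive_cube", "finance", "DISABLED"),
]


def make_db():
    """Create an in-memory SQLite database seeded with SAMPLE_ROWS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cubes (name TEXT, project TEXT, status TEXT)")
    conn.executemany("INSERT INTO cubes VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def find_cubes_vulnerable(conn, project):
    """Pre-patch pattern: user input spliced directly into the SQL text.

    Kept deliberately flawed to show the failure mode the patch removes.
    """
    sql = "SELECT name FROM cubes WHERE project = '" + project + "'"
    return sorted(row[0] for row in conn.execute(sql))


def find_cubes_parameterized(conn, project):
    """Post-patch pattern: a placeholder in the SQL, the value bound separately."""
    sql = "SELECT name FROM cubes WHERE project = ?"
    return sorted(row[0] for row in conn.execute(sql, (project,)))


def demo():
    """Run both variants on a normal input and on one containing a quote."""
    conn = make_db()
    benign = "analytics"
    # Constructed input: the quote terminates the string literal in the
    # concatenated query, so the rest is parsed as SQL rather than as data.
    hostile = "analytics' OR '1'='1"
    return {
        "vuln_benign": find_cubes_vulnerable(conn, benign),
        "vuln_hostile": find_cubes_vulnerable(conn, hostile),
        "param_benign": find_cubes_parameterized(conn, benign),
        "param_hostile": find_cubes_parameterized(conn, hostile),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

When reviewing Java code for this class of bug, the tell is SQL text assembled with `+`, `String.format` or a `StringBuilder` from request-controlled values and handed to `Statement.execute*`; the fix mirrored here is a `PreparedStatement` with `?` placeholders and `setString`/`setInt` bindings, so the database never re-parses user input as query syntax. Note in the output that the parameterized variant returns nothing for the quoted input: there is simply no project literally named `analytics' OR '1'='1`.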