TypeScript Snippet #09

This challenge covers the review of a snippet of code written in TypeScript

PRO
Tier
Medium
< 1 Hr.
583

Course


In this lab, we delve into a TypeScript code snippet that has a significant security flaw. The provided function, getUser, constructs an SQL query by concatenating user input directly into the query string. Although TypeScript enforces type checking during development, this enforcement is lost when the code is transpiled to JavaScript, making the application vulnerable to SQL injection attacks.

The video guide walks through the code step-by-step, highlighting the section where the id variable is improperly concatenated into the SQL query. It explains that while TypeScript ensures the id is a number during development, this safety check does not carry over to the final JavaScript code. As a result, malicious input could be introduced, leading to potential SQL injection attacks.

Want to learn more? Get started with PentesterLab Pro! GO PRO