add chapter 6: sql injection exploitation sections

Author: wiseaidev

.gitignore

@@ -14,4 +14,6 @@ Cargo.lock
 *.pdb
 
 # These are files generated by Jupyter
-.ipynb_checkpoints
+.ipynb_checkpoints
+
+**/*.sqlite

chapter-6/README.md

@@ -0,0 +1,10 @@
+[package]
+name = "sql-injection"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+rocket = "0.5.0"
+rocket_db_pools = { version = "0.1.0", features = ["sqlx_sqlite"] }

chapter-6/chapter-6.ipynb

@@ -0,0 +1,8 @@
+[default.databases.sqlite_db]
+url = "db.sqlite"
+
+# only `url` is required. the rest have defaults and are thus optional
+min_connections = 64
+max_connections = 1024
+connect_timeout = 5
+idle_timeout = 120

chapter-6/chapter-6.pdf

@@ -0,0 +1,92 @@
+#[macro_use]
+extern crate rocket;
+use rocket::Error;
+
+use rocket::form::Form;
+use rocket_db_pools::sqlx::{self, Row};
+use rocket_db_pools::{Connection, Database};
+
+#[derive(Database)]
+#[database("sqlite_db")]
+struct DbConn(sqlx::SqlitePool);
+
+#[derive(Debug, FromForm)]
+struct UserData {
+    username: String,
+    password: String,
+}
+
+#[post("/login", data = "<user_data>")]
+async fn login(mut conn: Connection<DbConn>, user_data: Form<UserData>) -> Result<String, String> {
+    sqlx::query(
+        r#"
+        CREATE TABLE IF NOT EXISTS users (
+          username TEXT,
+          password TEXT
+        );"#,
+    )
+    .execute(&mut **conn)
+    .await
+    .unwrap();
+
+    let username = &user_data.username;
+    let password = &user_data.password;
+
+    let query_result = sqlx::query(&format!(
+        "SELECT * FROM users WHERE username = '{}' AND password = '{}'",
+        username, password
+    ))
+    .fetch_one(&mut **conn)
+    .await
+    .and_then(|r| {
+        let username: Result<String, _> = Ok::<String, Error>(r.get::<String, _>(0));
+        let password: Result<String, _> = Ok::<String, Error>(r.get::<String, _>(1));
+        Ok((username, password))
+    })
+    .ok();
+
+    match query_result {
+        Some((username, password)) => Ok(format!(
+            "username: {}, password: {}",
+            username.unwrap(),
+            password.unwrap()
+        )),
+        None => Err("User not found".into()),
+    }
+}
+
+#[post("/register", data = "<user_data>")]
+async fn register(
+    mut conn: Connection<DbConn>,
+    user_data: Form<UserData>,
+) -> Result<String, String> {
+    sqlx::query(
+        r#"
+        CREATE TABLE IF NOT EXISTS users (
+          username TEXT,
+          password TEXT
+        );"#,
+    )
+    .execute(&mut **conn)
+    .await
+    .unwrap();
+
+    let username = &user_data.username;
+    let password = &user_data.password;
+
+    sqlx::query("INSERT INTO users (username, password) VALUES (?, ?)")
+        .bind(username)
+        .bind(password)
+        .execute(&mut **conn)
+        .await
+        .unwrap();
+
+    Ok("Signed up successfully!".to_string())
+}
+
+#[launch]
+fn rocket() -> _ {
+    rocket::build()
+        .attach(DbConn::init())
+        .mount("/", routes![register, login])
+}