
[Bug] Repository Search Lacks Input Validation - SQL Injection Vulnerability #690

@anshul23102

Description

The repository search endpoint accepts user input directly into database queries without sanitization. Attackers can inject SQL commands to extract sensitive data, modify records, or delete entire tables.

Steps to Reproduce

  1. POST /api/repos/search with: { "name": "'; DROP TABLE repos; --" }
  2. Query is constructed: SELECT * FROM repos WHERE name = ''; DROP TABLE repos; --'
  3. Database executes injected DROP TABLE command
  4. All repository records are deleted

Environment Information

  • Endpoint: POST /api/repos/search
  • Framework: Express.js
  • Database: PostgreSQL/MySQL
  • Application version: Current main branch

Expected Behavior

All user input should be parameterized using prepared statements. The database driver handles escaping automatically. Queries should never concatenate user input.

Actual Behavior

File: backend/routes/repos.js or backend/services/repoService.js
Query constructed with string concatenation: SELECT * FROM repos WHERE name = '${req.body.name}'

Code Reference

File: backend/services/repoService.js
Missing: Parameterized queries using ? placeholders and values array

Additional Context

Replace string concatenation with parameterized queries:

db.query('SELECT * FROM repos WHERE name = ?', [searchTerm])

All databases (MySQL, PostgreSQL, MongoDB) support parameterized queries.
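The reproduction steps above and the proposed fix, side by side, as an added example that is not part of the original issue or of the project's code. It assumes a driver exposing `query(text, values)` in the style of mysql/mysql2 (the `?` placeholder the issue suggests; node-postgres uses `$1` instead), a hypothetical 100-character cap on the name, and a recording fake in place of a real database so the example runs offline. The payload is the one from the report and is constructed inline.

```javascript
'use strict';

// Assumed limit; the project defines no maximum name length.
const MAX_NAME_LENGTH = 100;

// Constructed payload, taken from the issue's reproduction steps.
const PAYLOAD = "'; DROP TABLE repos; --";

// VULNERABLE (as described in the issue): the user-controlled name is spliced
// into the SQL text, so the quote in the payload closes the literal and the
// rest of the input becomes SQL.
function searchReposUnsafe(db, name) {
  const sql = `SELECT * FROM repos WHERE name = '${name}'`;
  return db.query(sql);
}

// HARDENED: validate the input first, then hand it to the driver as a bound
// value. The SQL text is a constant; the driver never parses the value as SQL.
// `?` is the mysql/mysql2 placeholder; node-postgres uses `$1`.
function searchReposSafe(db, name) {
  if (typeof name !== 'string') {
    throw new TypeError('name must be a string');
  }
  const trimmed = name.trim();
  if (trimmed.length === 0 || trimmed.length > MAX_NAME_LENGTH) {
    throw new RangeError(`name must be 1..${MAX_NAME_LENGTH} characters`);
  }
  return db.query('SELECT * FROM repos WHERE name = ?', [trimmed]);
}

// Express-style handler for POST /api/repos/search (assumed shape; the
// project's actual route is not shown in the issue). Validation failures
// become 400s; anything else is a 500 without leaking driver errors.
function makeSearchHandler(db) {
  return (req, res) => {
    try {
      const rows = searchReposSafe(db, req.body && req.body.name);
      res.json(rows);
    } catch (err) {
      if (err instanceof TypeError || err instanceof RangeError) {
        res.status(400).json({ error: err.message });
      } else {
        res.status(500).json({ error: 'internal error' });
      }
    }
  };
}

// Fake driver: records the SQL text and bound values it would have sent,
// which is exactly what matters for injection.
function makeRecordingDb() {
  const calls = [];
  return {
    calls,
    query(text, values = []) {
      calls.push({ text, values });
      return []; // no rows; only the call shape is of interest here
    },
  };
}

// Runs the payload through both versions and returns what reached the driver.
function demo() {
  const unsafeDb = makeRecordingDb();
  searchReposUnsafe(unsafeDb, PAYLOAD);
  const safeDb = makeRecordingDb();
  searchReposSafe(safeDb, PAYLOAD);
  return { unsafe: unsafeDb.calls[0], safe: safeDb.calls[0] };
}

const result = demo();
console.log('unsafe SQL :', result.unsafe.text);
console.log('safe SQL   :', result.safe.text, 'values:', result.safe.values);
```

In the unsafe path the recorded text is the two-statement string from step 2 of the report; in the safe path the text is the unchanged template and the payload arrives only inside the values array. Two caveats for whoever picks this up: the mysql/mysql2 drivers reject multi-statement strings unless `multipleStatements` is enabled, which limits the DROP TABLE variant but does nothing against single-statement data extraction through the same concatenation, so the parameterized form is still required; and MongoDB drivers take query objects rather than SQL text, so the analogous fix there is the type check on `req.body.name` (rejecting objects such as `{ "$gt": "" }`) rather than a placeholder.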

GSSoC Points Estimate: Level 3 (Security/SQL Injection)

Suggested Labels

  • gssoc:approved

  • type:bug

  • severity:critical

  • area:security

  • Searched existing issues, not a duplicate

  • Read CONTRIBUTING.md guidelines

  • Read README and understand project scope

  • Provided clear reproduction steps

  • Provided environment information

  • Described expected vs. actual clearly
