Direct use of req.body in CRUD operations

Question

Direct use of req.body in CRUD operations

himanshusanecha opened this issue 3 years ago · 1 comments

Describe the bug
All the data being created/updated are directly using req.body, therefore if any vulnerable data is passed then there are no checks of what will be saved in the database.

To Reproduce
Steps to reproduce the behavior:

Use create URL API, and pass anything other than specified parameters and it will be saved in the database.

Expected behavior
The other parameters of data being passed are also saved or an error will occur.

Answer 1 · 2022-03-01T06:33:35.000Z

I want to work on this issue under GSSOC 2022.