Faulty node_nosqli_injection ??
designamx opened this issue · 3 comments
Hi,
I have been getting findings about nosqli injections. I tried following the rule without luck. This is the version I am using: njsscan-0.2.9
This is the finding
This is the code:
As you can see, I'm using mongo-sanitize
and then const emailClean = sanitize(req.body.email)
I'm following this rule
https://github.com/ajinabraham/njsscan/blob/master/njsscan/rules/semantic_grep/database/nosql_find_injection.yaml
Can you please share copyable code instead of a screenshot?
I think it's because of the signature using Promise.
A normal example like this works as expected: https://semgrep.dev/s/7n32
Sure, I just replaced your code with mine:
https://semgrep.dev/s/AyQ2
We are also seeing a similar issue on our project! Is there any update on the issue?