Faulty node_nosqli_injection ?? #83

Open
designamx opened this issue Jan 23, 2022 · 3 comments

Comments

@designamx

Hi,

I have been having findings about NoSQL injections. I tried following the rule, without luck. This is the version I am using: njsscan-0.2.9

This is the finding

image

This is the code:

image

As you can see, I'm using mongo-sanitize and then const emailClean = sanitize(req.body.email).
I'm following this rule:
https://github.com/ajinabraham/njsscan/blob/master/njsscan/rules/semantic_grep/database/nosql_find_injection.yaml
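
Added example, not code from this issue or from njsscan: a request field reaching a find filter directly, beside the sanitize-then-query form the reporter describes. `sanitize` is a stand-in for mongo-sanitize (assumed to strip keys beginning with `$`), and `users`, `matches` and `findOne` are a hypothetical in-memory substitute for a MongoDB collection.

```javascript
// Added illustration; not code from the issue or from njsscan.
// Stand-in for the mongo-sanitize package (assumption: it removes every key
// that begins with "$", recursively, mutating the value it is given).
function sanitize(value) {
  if (value !== null && typeof value === 'object') {
    for (const key of Object.keys(value)) {
      if (key.startsWith('$')) delete value[key];
      else sanitize(value[key]);
    }
  }
  return value;
}

// Hypothetical in-memory substitute for a MongoDB collection. Only equality
// and the $ne operator are modelled; the record is constructed sample data.
const users = [{ email: 'alice@example.com', role: 'admin' }];

function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    if (cond === null || typeof cond !== 'object') return doc[field] === cond;
    const ops = Object.entries(cond);
    // A sanitized operator object is empty and equals no stored string.
    if (ops.length === 0) return false;
    return ops.every(([op, arg]) => op === '$ne' && doc[field] !== arg);
  });
}

function findOne(filter) {
  return users.find((doc) => matches(doc, filter)) || null;
}

// Flagged shape: a request field flows straight into the query filter.
function lookupUnsanitized(body) {
  return findOne({ email: body.email });
}

// Shape described in the issue: sanitize first, then query with the result.
function lookupSanitized(body) {
  const emailClean = sanitize(body.email);
  return findOne({ email: emailClean });
}

// Constructed bodies, as a JSON body parser would hand them to a route.
const operatorBody = () => ({ email: { $ne: null } });
console.log(lookupUnsanitized(operatorBody())); // matches a record it should not
console.log(lookupSanitized(operatorBody()));   // null
console.log(lookupSanitized({ email: 'alice@example.com' })); // the real record
```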

@ajinabraham
Owner

Can you please share copyable code instead of a screenshot?
I think it's because of the signature using Promise.
A normal example like this works as expected: https://semgrep.dev/s/7n32

@designamx
Author

Sure, I just replaced your code with mine:
https://semgrep.dev/s/AyQ2

@nagrawal3

We are also seeing a similar issue on our project! Is there any update on the issue?
