Fix: Databse Query Injection Vulnerability in BaseRepository #882

sinanptm · 2024-11-22T16:00:25Z

This PR addresses a vulnerability where user-controlled inputs in query objects could lead to NoSQL injection attacks.

Changes Made:

Added sanitizeQuery utility to enforce safe queries using $eq.
Updated all repository query methods (findOne, findById, etc.) to use sanitizeQuery.
Ensured backward compatibility while maintaining strict type safety.

Issue: #881

sinanptm added 2 commits November 22, 2024 21:24

fix/ added extra validation and safety messurments for database queries

2948058

Edge cases added in sanitizeQuery

8ef0663

thisismayuresh linked an issue Dec 5, 2024 that may be closed by this pull request

Fix code scanning alert - Database query built from user-controlled sources #881

Closed

sinanptm closed this Dec 7, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix: Databse Query Injection Vulnerability in BaseRepository #882

Fix: Databse Query Injection Vulnerability in BaseRepository #882

sinanptm commented Nov 22, 2024

Fix: Databse Query Injection Vulnerability in BaseRepository #882

Fix: Databse Query Injection Vulnerability in BaseRepository #882

Conversation

sinanptm commented Nov 22, 2024