File tree Expand file tree Collapse file tree 1 file changed +2
-2
lines changed
python/ql/src/experimental/Security/CWE-943 Expand file tree Collapse file tree 1 file changed +2
-2
lines changed Original file line number Diff line number Diff line change 2020 NoSQL injections can be prevented by escaping user-input's special characters that are passed into the NoSQL query from the user-supplied source.
2121 Alternatively, using a sanitize library such as MongoSanitizer will ensure that user-supplied sources can not act as a malicious query.
2222 </p >
23- <recommendation >
23+ </ recommendation >
2424
2525<example >
2626 <p >In the example below, the user-supplied source is passed to a MongoDB function that queries the MongoDB database.</p >
2727 <sample src =" examples/NoSQLInjection-bad.py"
2828 <p > This can be fixed by using a sanitizer library like MongoSanitizer as shown in this annotated code version below.</p >
2929 <sample src =" examples/NoSQLInjection-good.py"
30- <example >
30+ </ example >
3131
3232<references >
3333 <li >Mongoengine: <a href =" http://mongoengine.org/" a >.</li >
You can’t perform that action at this time.
0 commit comments