rspec/rules/S5147/description.adoc

User-provided data, such as URL parameters or POST body content, should always be considered untrusted and tainted. Applications that perform NoSQL operations based on tainted data can be exploited in a way similar to SQL injection: an attacker could inject NoSQL objects to access sensitive information or compromise data integrity.

The problem can be mitigated by ensuring that the input is of type String, or by sanitizing the user-provided data.