rspec/rules/S5147/common/fix/code-rationale.adoc

The following code is vulnerable to a NoSQL injection because the database query is built using untrusted JavaScript objects that are extracted from user inputs.

Here the application assumes the user-submitted parameters are always strings, while they might contain more complex structures. An array or dictionary input might tamper with the expected query behavior.
Modify rule S5147[JS/TS]: Change text to the education framework format (APPSEC-233) (#1384) 2022-11-10 11:11:55 +01:00			`The following code is vulnerable to a NoSQL injection because the database query is built using untrusted JavaScript objects that are extracted from user inputs.`

			`Here the application assumes the user-submitted parameters are always strings, while they might contain more complex structures. An array or dictionary input might tamper with the expected query behavior.`