rspec/rules/S5147/description.adoc

User-provided data such as URL parameters and POST body-content should always
be considered untrusted and tainted.

Applications that perform NoSQL operations based on tainted data can be
exploited similarly to regular SQL injection bugs. Depending on the code, the
same risks exist as with SQL injections: The attacker aims to access sensitive
information or compromise data integrity. Attacks may involve the injection of
query operators, JavaScript code, or string operations.

This problem can be mitigated by using an Object Document Mapper (ODM) library
or by validating user-supplied data based on its size or allowed characters.
Create rule S5147[Java]: NoSQL operations should not be vulnerable to injections (#668) * RSPEC-S5147 Java * Update rules/S5147/java/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/java/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/description.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/description.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/description.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/description.adoc * applied some recommendations * improved code * message * removed vuln odm * split a sentence into multiple files * removed pléonasmes * Update rules/S5147/java/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/java/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * applied recommendations * Update rules/S5147/php/rule.adoc Co-authored-by: Marco Antognini <89914223+marco-antognini-sonarsource@users.noreply.github.com> * Update rules/S5147/java/rule.adoc * Update rules/S5147/java/rule.adoc * Update rules/S5147/java/rule.adoc * Update rules/S5147/java/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> Co-authored-by: Marco Antognini <89914223+marco-antognini-sonarsource@users.noreply.github.com> Co-authored-by: Roberto Orlandi <71495874+roberto-orlandi-sonarsource@users.noreply.github.com> 2022-01-31 11:01:20 +01:00			`User-provided data such as URL parameters and POST body-content should always`
			`be considered untrusted and tainted.`
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00
Create rule S5147[Java]: NoSQL operations should not be vulnerable to injections (#668) * RSPEC-S5147 Java * Update rules/S5147/java/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/java/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/description.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/description.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/description.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/description.adoc * applied some recommendations * improved code * message * removed vuln odm * split a sentence into multiple files * removed pléonasmes * Update rules/S5147/java/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/java/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * applied recommendations * Update rules/S5147/php/rule.adoc Co-authored-by: Marco Antognini <89914223+marco-antognini-sonarsource@users.noreply.github.com> * Update rules/S5147/java/rule.adoc * Update rules/S5147/java/rule.adoc * Update rules/S5147/java/rule.adoc * Update rules/S5147/java/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> Co-authored-by: Marco Antognini <89914223+marco-antognini-sonarsource@users.noreply.github.com> Co-authored-by: Roberto Orlandi <71495874+roberto-orlandi-sonarsource@users.noreply.github.com> 2022-01-31 11:01:20 +01:00			`Applications that perform NoSQL operations based on tainted data can be`
			`exploited similarly to regular SQL injection bugs. Depending on the code, the`
			`same risks exist as with SQL injections: The attacker aims to access sensitive`
			`information or compromise data integrity. Attacks may involve the injection of`
			`query operators, JavaScript code, or string operations.`
Force linebreaks 2021-02-02 15:02:10 +01:00
Create rule S5147[Java]: NoSQL operations should not be vulnerable to injections (#668) * RSPEC-S5147 Java * Update rules/S5147/java/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/java/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/description.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/description.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/description.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/description.adoc * applied some recommendations * improved code * message * removed vuln odm * split a sentence into multiple files * removed pléonasmes * Update rules/S5147/java/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S5147/java/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * applied recommendations * Update rules/S5147/php/rule.adoc Co-authored-by: Marco Antognini <89914223+marco-antognini-sonarsource@users.noreply.github.com> * Update rules/S5147/java/rule.adoc * Update rules/S5147/java/rule.adoc * Update rules/S5147/java/rule.adoc * Update rules/S5147/java/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> Co-authored-by: Marco Antognini <89914223+marco-antognini-sonarsource@users.noreply.github.com> Co-authored-by: Roberto Orlandi <71495874+roberto-orlandi-sonarsource@users.noreply.github.com> 2022-01-31 11:01:20 +01:00			`This problem can be mitigated by using an Object Document Mapper (ODM) library`
			`or by validating user-supplied data based on its size or allowed characters.`