rspec/rules/S5147/description.adoc
Arseniy Zaostrovnykh 7ca29f686f Force linebreaks
2021-02-02 15:02:10 +01:00


User-provided data, such as URL parameters or POST body content, should always be considered untrusted and tainted. Applications that perform NoSQL operations based on tainted data can be exploited in a way similar to SQL injection: an attacker can inject NoSQL objects to access sensitive information or compromise data integrity.
The problem can be mitigated by ensuring that the type of the input is a String or by sanitizing the user-provided data.
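
The following is an added example, not part of the rule description: it contrasts a filter built directly from a parsed request body with one that first enforces the String type. The `users` array, the `matches` helper (a minimal stand-in for a MongoDB-style driver) and the request bodies are constructed for illustration.

```javascript
// Constructed sample data: an in-memory stand-in for a user collection.
const users = [
  { name: "alice", password: "s3cret" },
  { name: "bob", password: "hunter2" },
];

// Hypothetical minimal matcher for a MongoDB-style filter (not a real driver).
// Supports plain equality and the $ne operator only.
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    if (cond !== null && typeof cond === "object") {
      return Object.entries(cond).every(([op, arg]) => {
        if (op === "$ne") return doc[field] !== arg;
        throw new Error("unsupported operator: " + op);
      });
    }
    return doc[field] === cond;
  });
}

// Noncompliant: tainted values go into the filter as-is, so an object
// in the body is interpreted as a query operator instead of a value.
function loginUnsafe(body) {
  const filter = { name: body.name, password: body.password };
  return users.find((u) => matches(u, filter)) || null;
}

// Mitigation from the rule text: ensure the input is a String.
function requireString(value, field) {
  if (typeof value !== "string") {
    throw new TypeError(field + " must be a string");
  }
  return value;
}

// Compliant: every tainted field is type-checked before it reaches the filter.
function loginSafe(body) {
  const filter = {
    name: requireString(body.name, "name"),
    password: requireString(body.password, "password"),
  };
  return users.find((u) => matches(u, filter)) || null;
}

// Constructed request bodies, as a JSON body parser would produce them.
const honest = JSON.parse('{"name":"alice","password":"s3cret"}');
const tainted = JSON.parse('{"name":"alice","password":{"$ne":null}}');
```

With these inputs, `loginUnsafe(tainted)` returns alice's record without the password being known, while `loginSafe(tainted)` throws a `TypeError` before any query is built.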