ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S3649/javascript/how-to-fix-it/knex.adoc
Ilia Kebets c80d7f3b4c
Add checks for education format (#1607)
2023-03-07 17:16:47 +01:00

44 lines
932 B
Plaintext
Raw Blame History

== How to fix it in Knex
=== Code examples
include::../../common/fix/code-rationale.adoc[]
==== Noncompliant code example
[source,javascript,diff-id=1,diff-type=noncompliant]
----
async function index(req, res) {
const knex = req.app.get('knex');
let loggedInUser = await knex('users')
.whereRaw(`user = '${req.query.user}' and pass = '${req.query.pass}'`); // Noncompliant
res.send(JSON.stringify(loggedInUser));
res.end();
}
----
==== Compliant solution
[source,javascript,diff-id=1,diff-type=compliant]
----
async function index(req, res) {
const knex = req.app.get('knex');
let loggedInUser = await knex('users')
.where('user', req.query.user)
.where('pass', req.query.pass);
res.send(JSON.stringify(loggedInUser));
res.end();
}
----
=== How does this work?
:secure_feature: Knex
:unsafe_function: whereRaw()
include::../../common/fix/secure-by-design.adoc[]
Reference in New Issue View Git Blame Copy Permalink