rspec/rules/S5147/common/fix/builder-pattern.adoc
github-actions[bot] 504835d1bf
Create rule S5147(C#): NoSQL operations should not be vulnerable to injection attacks APPSEC-2024 (#4165)
* Add csharp to rule S5147

* Add the text

* Fixed filename

* Apply suggestions from code review

Co-authored-by: Hendrik Buchwald <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

* Apply suggestions from code review

* Update rules/S5147/csharp/how-to-fix-it/mongodb-csharp-driver.adoc

* Update rules/S5147/common/fix/builder-pattern.adoc

Co-authored-by: Hendrik Buchwald <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

---------

Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Hendrik Buchwald <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
2024-08-23 12:10:19 +00:00


==== Use safe builder patterns
Generally, database queries can also be built with builder patterns. This is a
safe way to build queries: the builder ensures that the query is built
correctly and is safe from injection attacks, so you do not have to ensure this
yourself.

For example, using a `.where()` function instead of a string and `$where` will
help avoid an injection attack.
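
The difference described above, as an added example that is not part of the rule text or of any driver: `findWithWhereString` emulates a concatenated `$where` string with `new Function`, and the `Query` class is a hypothetical in-memory builder. Both run over constructed sample documents.

```javascript
// Added illustration: an in-memory stand-in, not a MongoDB driver.
// Constructed sample documents.
const users = [
  { name: "alice", role: "admin" },
  { name: "bob", role: "user" },
];

// UNSAFE: mirrors passing a concatenated string to `$where`. The string is
// evaluated as JavaScript for each document, so input is parsed as code.
function findWithWhereString(docs, name) {
  const expr = "this.name == '" + name + "'";
  const predicate = new Function("return (" + expr + ");");
  return docs.filter((doc) => Boolean(predicate.call(doc)));
}

// SAFE: hypothetical minimal builder. Input only ever becomes a value in a
// structured filter; it is compared, never parsed.
class Query {
  constructor() {
    this.filter = {};
    this.field = null;
  }
  where(field) {
    this.field = field;
    return this;
  }
  equals(value) {
    this.filter[this.field] = { $eq: value };
    return this;
  }
  run(docs) {
    return docs.filter((doc) =>
      Object.entries(this.filter).every(([f, cond]) => doc[f] === cond.$eq)
    );
  }
}

function findWithBuilder(docs, name) {
  return new Query().where("name").equals(name).run(docs);
}

// Constructed input containing a quote and a boolean operator.
const crafted = "' || '1'=='1";
console.log(findWithWhereString(users, crafted).length); // 2: predicate rewritten
console.log(findWithBuilder(users, crafted).length); // 0: treated as a literal name
console.log(findWithBuilder(users, "alice").length); // 1: normal lookup still works
```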