
* RSPEC-S5147 Java
* Update rules/S5147/java/rule.adoc
  Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
* Update rules/S5147/java/rule.adoc
  Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
* Update rules/S5147/description.adoc
  Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
* Update rules/S5147/description.adoc
  Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
* Update rules/S5147/description.adoc
  Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
* Update rules/S5147/description.adoc
* applied some recommendations
* improved code
* message
* removed vuln odm
* split a sentence into multiple files
* removed pleonasms
* Update rules/S5147/java/rule.adoc
  Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
* Update rules/S5147/java/rule.adoc
  Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
* applied recommendations
* Update rules/S5147/php/rule.adoc
  Co-authored-by: Marco Antognini <89914223+marco-antognini-sonarsource@users.noreply.github.com>
* Update rules/S5147/java/rule.adoc
* Update rules/S5147/java/rule.adoc
* Update rules/S5147/java/rule.adoc
* Update rules/S5147/java/rule.adoc
  Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>

Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
Co-authored-by: Marco Antognini <89914223+marco-antognini-sonarsource@users.noreply.github.com>
Co-authored-by: Roberto Orlandi <71495874+roberto-orlandi-sonarsource@users.noreply.github.com>
12 lines
637 B
Plaintext
User-provided data such as URL parameters and POST body content should always
be considered untrusted and tainted.

Applications that perform NoSQL operations based on tainted data can be
exploited similarly to regular SQL injection bugs. Depending on the code, the
same risks exist as with SQL injections: the attacker aims to access sensitive
information or compromise data integrity. Attacks may involve the injection of
query operators, JavaScript code, or string operations.

This problem can be mitigated by using an Object Document Mapper (ODM) library
or by validating user-supplied data based on its size or allowed characters.
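The following is an added example (not part of the rule description or the rspec repository) showing the query-operator injection the text describes beside the validation it recommends. It assumes no database: a constructed `USERS` list and a tiny matcher supporting equality and `$ne` stand in for the MongoDB server, and the field names and payloads are constructed.

```python
import re

# Constructed sample data standing in for a MongoDB "users" collection.
USERS = [
    {"username": "alice", "email": "alice@example.com"},
    {"username": "bob", "email": "bob@example.com"},
]

# Constructed request payloads. Frameworks that parse JSON or extended query
# strings can hand the application a dict where it expected a string.
BENIGN_PARAM = "alice"
TAINTED_PARAM = {"$ne": ""}  # a query operator smuggled in as the "value"


def evaluate(filter_doc, doc):
    """Tiny stand-in for the server-side matcher: supports equality and $ne,
    which is enough to show how an injected operator changes the query."""
    for field, cond in filter_doc.items():
        if isinstance(cond, dict) and "$ne" in cond:
            if doc.get(field) == cond["$ne"]:
                return False
        elif doc.get(field) != cond:
            return False
    return True


def find(filter_doc):
    return [u for u in USERS if evaluate(filter_doc, u)]


def lookup_unsafe(username_param):
    """Vulnerable pattern: the tainted value goes straight into the filter,
    so a dict value turns the intended equality check into an operator."""
    return find({"username": username_param})


ALLOWED_USERNAME = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def validate_username(value):
    """Mitigation from the rule text: check type, size and allowed characters."""
    if not isinstance(value, str):
        raise ValueError("username must be a string, not %s" % type(value).__name__)
    if not ALLOWED_USERNAME.fullmatch(value):
        raise ValueError("username has disallowed characters or bad length")
    return value


def lookup_safe(username_param):
    """Hardened form: only a validated plain string can reach the query."""
    return find({"username": validate_username(username_param)})
```

With the tainted payload, `lookup_unsafe` returns every user's record while `lookup_safe` rejects the request before any query is built.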