
Improper Neutralization of Special Elements in Data Query Logic

🛡️ 3 rules detect this

The product generates a query intended to access or manipulate data in a data store, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.

This covers injection attacks against NoSQL databases, ORM frameworks, and other data query mechanisms that differ from traditional SQL injection.
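To make the description above concrete, here is an added Python example (not code from the Shoulder page or project) of the operator-injection pattern its rules flag, next to a type-checking filter builder that prevents it. Python is used because the page's third fix example is Python. The sample `USERS` record, the two request bodies, the `find_one`/`_field_matches` in-memory matcher that models a few MongoDB operators, and the `OBJECT_ID_RE` regex standing in for `bson.ObjectId` are all constructed for this example and are assumptions, not part of the page.

```python
"""Added example (not the Shoulder page's own code): shows how an operator
object in a JSON body changes the meaning of a MongoDB filter, and a strict
filter builder that rejects it.  A tiny in-memory matcher models MongoDB's
behaviour for the few operators used here, so the script runs without a
database."""
import re
from typing import Any, Optional

# Constructed sample collection, standing in for `db.users`.  The plaintext
# password mirrors the page's fix examples; real code would verify a hash.
USERS = [
    {"_id": "64b64c0f2f9b3a1d6c8e4a01", "username": "alice", "password": "s3cret"},
]

# Constructed request bodies: a normal login, and one whose password field is
# an operator object like the `{ "$gt": "" }` case mentioned on the page.
GOOD_BODY = {"username": "alice", "password": "s3cret"}
OPERATOR_BODY = {"username": "alice", "password": {"$gt": ""}}


def _field_matches(value: Any, cond: Any) -> bool:
    """Model one field of a filter: a plain value means equality, a dict whose
    keys all start with `$` is an operator expression ($eq/$ne/$gt modelled)."""
    if isinstance(cond, dict) and cond and all(k.startswith("$") for k in cond):
        for op, operand in cond.items():
            if op == "$eq":
                ok = value == operand
            elif op == "$ne":
                ok = value != operand
            elif op == "$gt":
                # MongoDB only orders values of the same BSON type; model that.
                ok = isinstance(value, str) and isinstance(operand, str) and value > operand
            else:
                raise ValueError(f"operator {op} not modelled")
            if not ok:
                return False
        return True
    return value == cond


def find_one(filt: dict) -> Optional[dict]:
    """Return the first document matching every field of `filt`, like find_one."""
    for doc in USERS:
        if all(_field_matches(doc.get(f), c) for f, c in filt.items()):
            return doc
    return None


def vulnerable_login(body: Any) -> Optional[dict]:
    """The pattern the page flags: the whole decoded body becomes the filter,
    so `{"$gt": ""}` in the password field is interpreted as an operator."""
    return find_one(body)


def build_login_filter(body: Any) -> dict:
    """Build a filter from untrusted JSON: object body, string-typed fields,
    bounded length, and explicit $eq so the value can only ever be compared."""
    if not isinstance(body, dict):
        raise ValueError("body must be a JSON object")
    username, password = body.get("username"), body.get("password")
    if not isinstance(username, str) or not isinstance(password, str):
        raise TypeError("username and password must be strings")
    if not (1 <= len(username) <= 64) or not (1 <= len(password) <= 1024):
        raise ValueError("credential length out of range")
    return {"username": {"$eq": username}, "password": {"$eq": password}}


def safe_login(body: Any) -> Optional[dict]:
    """Hardened handler: invalid input is rejected before any query is built."""
    try:
        filt = build_login_filter(body)
    except (TypeError, ValueError):
        return None
    return find_one(filt)


# ObjectId values are 24 hex characters.  With pymongo you would use
# bson.ObjectId(raw_id), which raises bson.errors.InvalidId on bad input; the
# regex below is a stand-in (assumption) so the example stays dependency-free.
OBJECT_ID_RE = re.compile(r"\A[0-9a-fA-F]{24}\Z")


def find_user_by_id(raw_id: Any) -> Optional[dict]:
    """Look up a user by ID, accepting only a well-formed ObjectId string."""
    if not isinstance(raw_id, str) or not OBJECT_ID_RE.match(raw_id):
        return None
    return find_one({"_id": {"$eq": raw_id}})


if __name__ == "__main__":
    print("vulnerable, good body    :", vulnerable_login(GOOD_BODY) is not None)
    print("vulnerable, operator body:", vulnerable_login(OPERATOR_BODY) is not None)
    print("safe, good body          :", safe_login(GOOD_BODY) is not None)
    print("safe, operator body      :", safe_login(OPERATOR_BODY) is not None)
```

Run it directly to see the four outcomes. The point to take from it is that the vulnerable handler's filter changes shape depending on what the client sends, while the hardened one can only ever produce two `$eq` comparisons against string values, which is the property the page's three fix examples are reaching for.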

Prevalence: High (frequently exploited)
Impact: High (3 high-severity rules)
Prevention: Documented (3 fix examples)

2 Prevention

How to fix this vulnerability

Prevention strategies for NoSQL injection, based on 3 Shoulder detection rules.

NoSQL Injection HIGH

Use typed structs or explicit operators, validate all user input

+2 -1 go
  func findUser(w http.ResponseWriter, r *http.Request) {
      username := r.URL.Query().Get("username")
-     filter := bson.M{"username": username}
+     // Use explicit $eq to prevent operator injection
+     filter := bson.M{"username": bson.M{"$eq": username}}
      collection.FindOne(ctx, filter)
  }
  
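Review bot: the `+` lines wrap the value in `$eq` but add none of the validation the heading ("validate all user input") calls for, and `username` from `r.URL.Query().Get` is already a plain string, so the `$eq` wrapper is not what stops operator injection in this handler; the risky shape is a request body decoded into `bson.M` or `interface{}`, which the snippet does not show. The result and error of `collection.FindOne(ctx, filter)` are also discarded and `ctx`/`collection` are undefined; decode into a typed struct (`.Decode(&user)`), handle the error, and reject an empty or over-long `username` with a 400 so the example matches its own heading.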
NoSQL Injection via MongoDB Queries HIGH

Validate input types and sanitize MongoDB operators

+5 -3 javascript
- app.post('/login', async (req, res) => {
-   const { username, password } = req.body;
-   // Vulnerable: user can send { "$gt": "" } as password
+ const mongoSanitize = require('mongo-sanitize');
+ 
+ app.post('/login', async (req, res) => {
+   const username = mongoSanitize(req.body.username);
+   const password = mongoSanitize(req.body.password);
    const user = await User.findOne({ username, password });
    if (user) {
      res.json({ success: true });
    }
  });
  
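Review bot: `mongoSanitize` strips `$`-prefixed keys but still lets non-string values (arrays, nested objects) reach `User.findOne`, so the type validation the heading asks for is missing; check `typeof username === 'string' && typeof password === 'string'` and respond 400 otherwise. Two smaller points in the unchanged lines: `if (user)` has no `else`, so a failed login never sends a response, and matching `password` inside the query means the stored password is compared in plaintext rather than verified against a hash.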
NoSQL Injection HIGH

Validate input types and use ObjectId for ID fields

+7 -2 python
  from flask import request
  from pymongo import MongoClient
  
  db = MongoClient().mydb
  
  @app.route('/login', methods=['POST'])
  def login():
      data = request.get_json()
-     # Vulnerable: entire dict from user
-     user = db.users.find_one(data)
+     # Safe: only use specific string fields
+     username = str(data.get('username', ''))
+     password = str(data.get('password', ''))
+     user = db.users.find_one({
+         'username': username,
+         'password': password
+     })
      return {'success': bool(user)}
  
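Review bot: `request.get_json()` can return `None` or a list, in which case `data.get(...)` raises before the safe path runs; guard with `if not isinstance(data, dict): abort(400)`. Coercing with `str()` also silently turns an operator object such as `{"$gt": ""}` into the literal string `"{'$gt': ''}"`, which is harmless to the query but hides the bad input; rejecting non-string fields with a 400 is clearer and matches the heading's "validate input types". The snippet also uses `app` without creating it (`from flask import Flask; app = Flask(__name__)`), and comparing `password` in the query implies plaintext storage.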
3 Detection

Find vulnerabilities in your code

Use Shoulder to scan your code for Improper Neutralization of Special Elements in Data Query Logic patterns. 3 rules.

Terminal
# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=943

# Or scan entire project
npx @shoulderdev/cli trust .
4 Warning signs

What to look for in code reviews

These patterns indicate potential Improper Neutralization of Special Elements in Data Query Logic vulnerabilities. Watch for them during code reviews and security audits.

🟠 user input flowing to MongoDB or Redis queries without proper validation (go-nosql-injection)
🟠 user input flowing into NoSQL database queries without validation (javascript-nosql-injection)
🟠 untrusted user input being used in NoSQL queries without proper validation (python-nosql-injection)
Scan your codebase for Improper Neutralization of Special Elements in Data Query Logic

Shoulder CLI finds vulnerable patterns across your entire codebase.