Improper Neutralization of Special Elements in Data Query Logic (CWE-943)

Improper Neutralization of Special Elements in Data Query Logic

The product generates a query intended to access or manipulate data in a data store, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.

This covers injection attacks against NoSQL databases, ORM frameworks, and other data query mechanisms that differ from traditional SQL injection.

Prevalencia

Alta

Frecuentemente explotada

Impacto

Alto

3 reglas de severidad alta

Prevención

Documentada

3 ejemplos de corrección

2 Prevención

Cómo corregir esta vulnerabilidad

Estrategias de prevención para NoSQL Injection basadas en 3 reglas de detección de Shoulder.

🐹 Go Ver todo Go detalles →

NoSQL Injection HIGH

Use typed structs or explicit operators, validate all user input

+2 -1 go

  func findUser(w http.ResponseWriter, r *http.Request) {
      username := r.URL.Query().Get("username")
-     filter := bson.M{"username": username}
+     // Use explicit $eq to prevent operator injection
+     filter := bson.M{"username": bson.M{"$eq": username}}
      collection.FindOne(ctx, filter)
  }

🟨 JavaScript Ver todo JavaScript detalles →

NoSQL Injection via MongoDB Queries HIGH

Validate input types and sanitize MongoDB operators

+5 -3 javascript

- app.post('/login', async (req, res) => {
-   const { username, password } = req.body;
-   // Vulnerable: user can send { "$gt": "" } as password
+ const mongoSanitize = require('mongo-sanitize');
+ 
+ app.post('/login', async (req, res) => {
+   const username = mongoSanitize(req.body.username);
+   const password = mongoSanitize(req.body.password);
    const user = await User.findOne({ username, password });
    if (user) {
      res.json({ success: true });
    }
  });

🐍 Python Ver todo Python detalles →

NoSQL Injection HIGH

Validate input types and use ObjectId for ID fields

+7 -2 python

  from flask import request
  from pymongo import MongoClient
  
  db = MongoClient().mydb
  
  @app.route('/login', methods=['POST'])
  def login():
      data = request.get_json()
-     # Vulnerable: entire dict from user
-     user = db.users.find_one(data)
+     # Safe: only use specific string fields
+     username = str(data.get('username', ''))
+     password = str(data.get('password', ''))
+     user = db.users.find_one({
+         'username': username,
+         'password': password
+     })
      return {'success': bool(user)}

3 Detección

Encuentra vulnerabilidades en tu código

Usa Shoulder para escanear tu código en busca de patrones Improper Neutralization of Special Elements in Data Query Logic. 3 reglas.

terminal

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=943

# Or scan entire project
npx @shoulderdev/cli trust .

Reglas de Detección (3)

🐹 Go 1 rules

NoSQL Injection HIGH

Detects user input flowing to MongoDB or Redis queries without proper validation.

🟨 Javascript 1 rules

NoSQL Injection via MongoDB Queries HIGH

Detects user input flowing into NoSQL database queries without validation.

🔷 Typescript 1 rules

NoSQL Injection via MongoDB Queries HIGH

Detects user input flowing into NoSQL database queries without validation.

🐍 Python 1 rules

NoSQL Injection HIGH

Detects untrusted user input being used in NoSQL queries without proper validation.

4 Señales de Alerta

Qué buscar en las revisiones de código

Estos patrones indican vulnerabilidades potenciales de Improper Neutralization of Special Elements in Data Query Logic. Búscalos durante las revisiones de código y auditorías de seguridad.

🟠

user input flowing to MongoDB or Redis queries without proper validation go-nosql-injection

🟠

user input flowing into NoSQL database queries without validation javascript-nosql-injection

🟠

untrusted user input being used in NoSQL queries without proper validation python-nosql-injection

🔍

Escanea tu base de código para Improper Neutralization of Special Elements in Data Query Logic

Shoulder CLI encuentra patrones vulnerables en toda tu base de código.

npx shoulder trust Ver todas las reglas