# NoSQL Injection

- ID: python-nosql-injection
- Severity: HIGH
- CWE: NoSQL Injection (CWE-943)
- Languages: Python
- Frameworks: django, flask, fastapi, pymongo, motor

## Description

Detects untrusted user input being used in NoSQL queries without proper validation.

## Remediation

Validate and type-check user input before using it in queries.

```python
from bson import ObjectId

# user_id is the untrusted string taken from the request
object_id = ObjectId(user_id)  # Validates format
```

Learn more: https://shoulder.dev/learn/python/cwe-943/nosql-injection

## Related Rules

- **NoSQL Injection** [HIGH]:
- **NoSQL Injection via MongoDB Queries** [HIGH]:
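The type check called for under Remediation, as an added example that is not part of the rule's own documentation. The helper names (`require_str`, `require_object_id_hex`, `build_user_filter`, `check`), the `user_id`/`email` field names and the sample request bodies are hypothetical and constructed for illustration; the example uses only the standard library so it runs without pymongo.

```python
import re

class InvalidInput(ValueError):
    """Raised when a request field is not the scalar type the query expects."""

_OBJECT_ID_HEX = re.compile(r"[0-9a-fA-F]{24}")

def require_str(value, field, max_len=254):
    # JSON bodies can carry objects, arrays, numbers or null where a string
    # is expected; only a non-empty, bounded str is accepted here.
    if not isinstance(value, str):
        raise InvalidInput(f"{field}: expected string, got {type(value).__name__}")
    if not value or len(value) > max_len:
        raise InvalidInput(f"{field}: length out of range")
    return value

def require_object_id_hex(value, field):
    # Same format ObjectId() accepts for strings: exactly 24 hex characters.
    text = require_str(value, field, max_len=24)
    if not _OBJECT_ID_HEX.fullmatch(text):
        raise InvalidInput(f"{field}: not a 24-character hex ObjectId")
    return text.lower()

def build_user_filter(body):
    """Build a filter from validated scalars only (hypothetical helper)."""
    return {
        # With pymongo installed, wrap this value in bson.ObjectId() before querying.
        "_id": require_object_id_hex(body.get("user_id"), "user_id"),
        "email": {"$eq": require_str(body.get("email"), "email")},
    }

# Constructed request bodies, as a framework returns them after JSON parsing.
SAMPLE_BODIES = [
    {"user_id": "507F1F77BCF86CD799439011", "email": "a@example.com"},
    {"user_id": {"$ne": None}, "email": "a@example.com"},  # object, not string
    {"user_id": "507f1f77bcf86cd799439011", "email": ["a@example.com"]},  # array
    {"user_id": "not-an-object-id", "email": "a@example.com"},  # bad format
    {"email": "a@example.com"},  # missing field -> None
]

def check(body):
    """Return ('ok', filter) or ('rejected', reason) for one request body."""
    try:
        return ("ok", build_user_filter(body))
    except InvalidInput as exc:
        return ("rejected", str(exc))

if __name__ == "__main__":
    for sample in SAMPLE_BODIES:
        print(check(sample))
```

Rejecting a missing field explicitly matters when the value is later passed to `ObjectId()`: called with `None`, it generates a fresh id instead of raising.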