Sanitize mongo queries (9 Skny.io warnings) #29

rhanka · 2021-12-01T22:54:27Z

8 requêtes mongo dépendent de paramètres soit provenant de l'env, soit provenant de requêtes oracles sans sanitization, générant un risque d'injection SQL. Ces sources étant maîtrisées, le risque reste circonscrit, mais l'utilisation de fonctions simples de validation de format aideraient à supprimer totalement ce risque.

src/jobs/manual.js ligne 76:

      const raw = await rawJurinet.findOne({ _id: document.sourceId });

et 104:

          await decisions.replaceOne({ _id: document._id }, document, {

src/jobs/reimport.js ligne 98, 128, 208 et 252 :

              await decisions.replaceOne({ _id: normalized[process.env.MONGO_ID] }, normDec, {

src/jobs/sync.js ligne 192 & 349:

            await decisions.replaceOne({ _id: normalized._id }, normDec, {

src/jurica-utils.js ligne 233:

    const cursor = await rawJurinet.find({ _portalis: juricaDoc._portalis }, { allowDiskUse: true });

The text was updated successfully, but these errors were encountered:

rhanka added the security label Dec 1, 2021

rhanka assigned SebCourvoisier Dec 1, 2021

rhanka closed this as completed Dec 1, 2021

rhanka reopened this Dec 14, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sanitize mongo queries (9 Skny.io warnings) #29

Sanitize mongo queries (9 Skny.io warnings) #29

rhanka commented Dec 1, 2021 •

edited

Loading

Sanitize mongo queries (9 Skny.io warnings) #29

Sanitize mongo queries (9 Skny.io warnings) #29

Comments

rhanka commented Dec 1, 2021 • edited Loading

rhanka commented Dec 1, 2021 •

edited

Loading