Fix code scanning alert - Database query built from user-controlled sources #177

Open
1 task
Otherwa opened this issue Feb 4, 2023 · 1 comment
Labels
bug Something isn't working enhancement New feature or request help wanted Extra attention is needed

Comments

Otherwa (Owner) commented Feb 4, 2023

Tracking issue for:

Otherwa (Owner, Author) commented Sep 29, 2023

Boilerplate fix

```js
const MongoClient = require('mongodb').MongoClient;

// Assuming you have a MongoDB connection URL
const url = 'mongodb://localhost:27017/your-database-name';

// Input from the user (you should validate and sanitize it)
const userInput = 'user-provided-value';

// Callback-style API: needs a driver version that still accepts callbacks
MongoClient.connect(url, { useNewUrlParser: true, useUnifiedTopology: true }, (err, client) => {
  if (err) throw err;

  const db = client.db(); // You can specify the database name in the db() function if needed.

  // Create a query object with $eq operator so the input is compared as a literal value
  const query = { 'prodid': { $eq: userInput } };

  // Perform the query
  db.collection('stonks').find(query).toArray((err, result) => {
    if (err) throw err;

    // Process the query result here
    console.log(result);

    // Close the connection once the result has been handled
    client.close();
  });
});
```

@Otherwa Otherwa added bug Something isn't working enhancement New feature or request help wanted Extra attention is needed labels Sep 29, 2023
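Why the `$eq` wrapper in the fix above matters, shown as an added example that is not part of the issue or the project's code. A toy in-memory matcher (hypothetical helpers `find`, `unsafeQuery`, `eqQuery`, `strictQuery`; constructed sample data) compares the flagged query shape with the `$eq` shape when the input arrives as an object instead of a string.

```javascript
// Added example with constructed data; helper names are hypothetical.
// A toy in-memory matcher stands in for MongoDB and supports only $eq and $ne.
const same = (a, b) => JSON.stringify(a) === JSON.stringify(b); // enough for this sample data

function isOperatorDoc(cond) {
  if (cond === null || typeof cond !== 'object' || Array.isArray(cond)) return false;
  const keys = Object.keys(cond);
  return keys.length > 0 && keys.every((k) => k.startsWith('$'));
}

function matchField(value, cond) {
  if (!isOperatorDoc(cond)) return same(value, cond); // plain value: equality match
  return Object.entries(cond).every(([op, arg]) => {
    if (op === '$eq') return same(value, arg); // arg is always treated as a literal
    if (op === '$ne') return !same(value, arg);
    throw new Error('unsupported operator in toy matcher: ' + op);
  });
}

function find(docs, query) {
  return docs.filter((doc) =>
    Object.entries(query).every(([field, cond]) => matchField(doc[field], cond)));
}

// Query shape the code scanning alert is about: input placed directly in the filter.
const unsafeQuery = (input) => ({ prodid: input });

// Shape from the comment above: $eq forces the input to be compared as a value.
const eqQuery = (input) => ({ prodid: { $eq: input } });

// $eq plus a type check, so malformed input is rejected instead of matching nothing.
function strictQuery(input) {
  if (typeof input !== 'string') throw new TypeError('prodid must be a string');
  return eqQuery(input);
}

// Constructed sample collection and inputs.
const stonks = [{ prodid: 'A100' }, { prodid: 'B200' }, { prodid: 'C300' }];
const stringInput = 'A100';
const objectInput = JSON.parse('{"$ne": null}'); // what a parsed JSON body can contain

function demo() {
  return {
    unsafeString: find(stonks, unsafeQuery(stringInput)).length,
    unsafeObject: find(stonks, unsafeQuery(objectInput)).length,
    eqString: find(stonks, eqQuery(stringInput)).length,
    eqObject: find(stonks, eqQuery(objectInput)).length,
  };
}
console.log(demo());
```

With the object input, the direct shape returns every document while the `$eq` shape returns none; `strictQuery` rejects the same input with a `TypeError` so the handler can answer with a 400 instead of an empty result.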