Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Code Security Finding: NoSQL Injection (CWE-943, High Severity) in user-dao.js:104 #9

Open
2 tasks
joshn-whitesource-app bot opened this issue Feb 7, 2024 · 0 comments
Open
2 tasks

Code Security Finding: NoSQL Injection (CWE-943, High Severity) in user-dao.js:104 #9

joshn-whitesource-app bot opened this issue Feb 7, 2024 · 0 comments
Labels
Mend: code security findings Code security findings detected by Mend

Comments

@joshn-whitesource-app
Copy link

Code Security Finding

This finding was first detected on 2024-02-07 07:19pm GMT and is still present in the last scan performed on 2024-02-07 07:19pm GMT:

SeverityVulnerability TypeCWEFileData Flows
HighNoSQL Injection

CWE-943

user-dao.js:104

1
Vulnerable Code

NodeGoat/app/data/user-dao.js

Lines 99 to 104 in be11d1e

_id: parseInt(userId)
}, callback);
};
this.getUserByUserName = (userName, callback) => {
usersCol.findOne({

1 Data Flow/s detected

NodeGoat/app/routes/index.js

Line 38 in be11d1e

app.post("/signup", sessionHandler.handleSignup);

NodeGoat/app/routes/session.js

Line 189 in be11d1e

this.handleSignup = (req, res, next) => {

NodeGoat/app/routes/session.js

Line 193 in be11d1e

userName,

NodeGoat/app/routes/session.js

Line 206 in be11d1e

if (validateSignup(userName, firstName, lastName, password, verify, email, errors)) {

NodeGoat/app/routes/session.js

Line 138 in be11d1e

const validateSignup = (userName, firstName, lastName, password, verify, email, errors) => {

NodeGoat/app/routes/session.js

Line 206 in be11d1e

if (validateSignup(userName, firstName, lastName, password, verify, email, errors)) {

NodeGoat/app/routes/session.js

Line 208 in be11d1e

userDAO.getUserByUserName(userName, (err, user) => {

NodeGoat/app/data/user-dao.js

Line 103 in be11d1e

this.getUserByUserName = (userName, callback) => {

NodeGoat/app/data/user-dao.js

Line 105 in be11d1e

userName: userName

NodeGoat/app/data/user-dao.js

Line 104 in be11d1e

usersCol.findOne({

🏴 Suppress Finding
  • ... as False Alarm
  • ... as Acceptable Risk
@joshn-whitesource-app joshn-whitesource-app bot added the Mend: code security findings Code security findings detected by Mend label Feb 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Mend: code security findings Code security findings detected by Mend
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
0 participants