Commit

Update nosql_find_injection.yaml to exclude sequelize's .findOne() false positives
bleow committed Mar 21, 2024
1 parent 40ff09e commit 1321e11
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions njsscan/rules/semantic_grep/database/nosql_find_injection.yaml
@@ -1,6 +1,16 @@
rules:
- id: node_nosqli_injection
patterns:
- pattern-not-inside: |
$SEQUELIZE = require('sequelize')
...
$SEQUELIZE(...)
...
- pattern-not-inside: |
import $SEQUELIZE from 'sequelize'
...
$SEQUELIZE(...)
...
- pattern-not-inside: |
$SANITIZE = require('mongo-sanitize')
...
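Review bot: the two new `pattern-not-inside` blocks end in a bare `...`, so once `$SEQUELIZE(...)` appears the rule is suppressed for everything after it in the same scope, not only for Sequelize model calls. A file that sets up Sequelize and also passes request data to a MongoDB `find`/`findOne` would stop being reported, which trades the false positive for a false negative. Consider scoping the exclusion to the receiver of the call (for example, a model derived from the Sequelize instance) rather than to the rest of the scope. The import forms are also narrow: only `$SEQUELIZE = require('sequelize')` and `import $SEQUELIZE from 'sequelize'` are covered, so `const { Sequelize } = require('sequelize')` and `import { Sequelize } from 'sequelize'` will not match, and it is worth confirming with a fixture that `$SEQUELIZE(...)` matches the usual `new Sequelize(...)` construction. The commit changes only the rule file; a test file with one Sequelize `.findOne()` that must not be flagged and one Mongo query with user input that must still be flagged would pin both behaviours.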

0 comments on commit 1321e11
