Support
Dashboard
Dashboard

Documentation

API Reference

Start Here

What is CodeAnt?
Join Community

Setup

Github
GitHub Enterprise
Bitbucket
Gitlab
Azure Devops

Pull Request Review

Features
Customize Review
Quality Gates
Integrations

Scan center

Code Security
Code Quality
Cloud Security
Engineering Productivity

Integrations

Jira
Test Coverage
CI/CD

IDE

Setup
Review
Enhancements

Rule Reference

Compliance
Anti-Patterns
Code Governance
Infrastructure Security Database
Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
  - Android
  - Aws-lambda
  - Castor
  - Java-jwt
  - Jax-rs
  - Jboss
  - Jdo
  - Jedis
  - Jjwt
  - Jsch
  - Kryo
  - Lang
  - Micronaut
  - Mongo
  - Mongodb
    - Security
      - Injection
        Audit
  - Mysql
  - Okhttp
  - Rmi
  - Servlets
  - Spring
  - Thymeleaf
  - Xstream
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml

Resources

Open Source
Blogs

Injection

Audit

mongodb-nosqli

Detected non-constant data passed into a NoSQL query using the ‘where’ evaluation operator. If this data can be controlled by an external user, this is a NoSQL injection. Ensure data passed to the NoSQL query is not user controllable, or properly sanitize the data. Ideally, avoid using the ‘where’ operator at all and instead use the helper methods provided by com.mongodb.client.model.Filters with comparative operators such as eq, ne, lt, gt, etc.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-943: Improper Neutralization of Special Elements in Data Query Logic
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection

Java mongo hardcoded secret Mysql jdbc hardcoded secret

twitter linkedin

Powered by Mintlify

Assistant

Responses are generated using AI and may contain mistakes.