
Database

Typescript Nosql Injection User Input

Description

Detects NoSQL injection vulnerabilities where user-controlled input is used within ternary operations that affect database queries. This could allow attackers to manipulate database operations by injecting malicious values that modify the query logic.

Weakness:

106 - NoSQL injection

Category: Unexpected Injection

Detection Strategy

    Check for ternary operations (conditional expressions) that are used in database query contexts

    Identify when user-controllable input is used within these ternary expressions

    Verify if the ternary operation's result directly influences a NoSQL database operation

    Report a vulnerability when untrusted input can modify the query structure through the ternary operation

Vulnerable code example

const express = require('express')
const db = require('./database')
const app = express()

app.post('/orders', async (req, res) => {
  // Vulnerable: Direct use of user input in database query without sanitization
  const userId = req.body.UserId
  const orderDetails = req.body.orderDetails
...

✅ Secure code example

const express = require('express')
const db = require('./database')
const { body, validationResult } = require('express-validator') // For input validation
const sanitize = require('mongo-sanitize') // For MongoDB injection prevention
const app = express()

// Input validation middleware
const validateOrderInput = [
  body('UserId').isInt().trim().escape(),...
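The following is an added example, not code from the rule page or from any project it describes. It isolates the query-building step of an order handler into plain functions so the pattern the rule looks for can be compared with a hardened version offline. The request bodies, field names (`UserId`, `includeArchived`) and the helper `hasMongoOperator` are assumptions made for the illustration: in the vulnerable version the ternary lets client-controlled input decide both which branch runs and what value reaches the filter, while the hardened version validates scalar types and rejects operator-like keys before the ternary is evaluated.

```javascript
// Added example (not from the rule page). Query-building logic of an
// Express-style handler, extracted as functions so the two versions can be
// run and compared without a database.

// Vulnerable: the ternary forwards whatever the client sent into the filter.
// A JSON body may carry objects, so `UserId` is not necessarily a scalar.
function buildOrderFilterVulnerable(body) {
  const userId = body.UserId
  // Constructed input such as { UserId: { $ne: null } } turns this into a
  // filter that matches every user's orders instead of one user's.
  return body.includeArchived ? { userId, archived: true } : { userId }
}

// Hardened helper: recursively reject any key that MongoDB would interpret as
// an operator ($-prefixed) or a nested path (contains a dot).
function hasMongoOperator(value) {
  if (value === null || typeof value !== 'object') return false
  return Object.keys(value).some(
    (k) => k.startsWith('$') || k.includes('.') || hasMongoOperator(value[k])
  )
}

// Hardened: validate types first, then let the ternary choose the branch on a
// value the client can no longer shape.
function buildOrderFilterSafe(body) {
  if (hasMongoOperator(body)) {
    throw new TypeError('operator-like keys are not allowed in the request body')
  }
  const userId = Number.parseInt(String(body.UserId), 10)
  if (!Number.isInteger(userId) || userId < 0) {
    throw new TypeError('UserId must be a non-negative integer')
  }
  // Only a strict boolean `true` selects the archived branch; strings such as
  // "yes" or arbitrary objects have no influence on the query shape.
  const includeArchived = body.includeArchived === true
  return includeArchived ? { userId, archived: true } : { userId }
}

// Stand-alone demonstration with constructed request bodies.
if (typeof require !== 'undefined' && require.main === module) {
  console.log(buildOrderFilterVulnerable({ UserId: { $ne: null } }))
  console.log(buildOrderFilterSafe({ UserId: '42', includeArchived: true }))
  try {
    buildOrderFilterSafe({ UserId: { $ne: null } })
  } catch (err) {
    console.log('rejected:', err.message)
  }
}
```

`hasMongoOperator` does roughly what `mongo-sanitize` does to `$`-prefixed keys, except that it rejects the request rather than silently stripping the keys, which is the behaviour a detection rule or audit log is usually better served by. The type checks on `UserId` mirror the `isInt()` validator in the secure example above; the point of placing them before the ternary is that the rule's finding (untrusted input shaping a conditional query) no longer holds once both the branch condition and the branch values are derived from validated scalars.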