TypeScript Nest TypeORM SQL Injection
Description
This detector identifies SQL injection vulnerabilities in TypeScript applications that use the NestJS framework with TypeORM. It finds cases where user-controlled input is directly concatenated or interpolated into SQL queries without proper parameterization, which allows attackers to manipulate SQL statements and potentially access, modify, or delete data without authorization.
Detection Strategy
• The application must import both '@nestjs' and 'typeorm' modules
• Method calls ending with TypeORM query methods (like .query(), .createQueryBuilder()) are analyzed
• The object making the call must be identified as a valid TypeORM query caller (such as Repository, EntityManager, or QueryBuilder)
• The first argument to the method call (the SQL string) must contain vulnerable patterns like string concatenation, template literals with variables, or other forms of dynamic SQL construction
• For query builder methods specifically, the caller must be confirmed as a QueryBuilder instance created via createQueryBuilder()
• The SQL argument is traced back to its source to verify it contains user-controllable input that isn't properly parameterized
Vulnerable code example
import { Controller, Get, Query } from '@nestjs/common';
import { getRepository } from 'typeorm';
import { User } from './user.entity';
@Controller('users')
export class UserController {
@Get('/search')...
Secure code example
import { Controller, Get, Query } from '@nestjs/common';
import { getRepository } from 'typeorm';
import { User } from './user.entity';
@Controller('users')
export class UserController {
@Get('/search')...
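The difference between the interpolated and the parameterized pattern, as an added example that is not part of the original page or the detector's own code. SqlRunner, RecordingRunner and the handler names are hypothetical stand-ins for TypeORM's query(sql, parameters) so the snippet runs without a database, and the $1 placeholder assumes PostgreSQL.

```typescript
// Stand-in for the query(sql, parameters?) method of TypeORM's Repository and
// EntityManager (assumption: only this method is modelled). It records calls.
interface SqlRunner {
  query(sql: string, parameters?: unknown[]): Promise<unknown[]>;
}
interface RecordedCall { sql: string; parameters: unknown[]; }

class RecordingRunner implements SqlRunner {
  calls: RecordedCall[] = [];
  query(sql: string, parameters: unknown[] = []): Promise<unknown[]> {
    this.calls.push({ sql, parameters });
    return Promise.resolve([]);
  }
}
type Handler = (db: SqlRunner, name: string) => Promise<unknown[]>;

// Pattern the detector flags: the request value is interpolated into the SQL
// string, so it becomes part of the statement text itself.
const searchUsersVulnerable: Handler = (db, name) =>
  db.query(`SELECT id, name FROM users WHERE name = '${name}'`);

// Parameterized pattern: the SQL text is a constant and the value travels
// separately in the parameters array (MySQL and SQLite use ? instead of $1).
const searchUsersSafe: Handler = (db, name) =>
  db.query('SELECT id, name FROM users WHERE name = $1', [name]);

// Runs one handler against a fresh recorder and returns what reached the driver.
function capture(handler: Handler, name: string): RecordedCall {
  const db = new RecordingRunner();
  void handler(db, name);
  const call = db.calls[0];
  if (!call) throw new Error('handler issued no query');
  return call;
}

// Constructed sample inputs: an ordinary name and one containing quotes.
const ordinary = 'alice';
const hostile = "x' OR '1'='1";

// True when the statement text is identical for both inputs, meaning the
// input cannot change the structure of the query.
function sqlTextIsStable(handler: Handler): boolean {
  return capture(handler, ordinary).sql === capture(handler, hostile).sql;
}

console.log('interpolated, SQL text stable:', sqlTextIsStable(searchUsersVulnerable));
console.log('parameterized, SQL text stable:', sqlTextIsStable(searchUsersSafe));
```

The same stability check works as a unit test for any handler that issues raw SQL: if the recorded statement text varies with the request value, the value is being built into the query.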