Typescript Nest Sequelize Sql Injection
Description
This detector identifies SQL injection vulnerabilities in NestJS applications that use the Sequelize ORM. It targets the sequelize.query() method when user-controlled data flows into its first parameter (the raw SQL text) without proper sanitization, which can allow attackers to execute arbitrary SQL commands.
Detection Strategy
• The application must import modules from the '@nestjs' package (or packages containing '@nestjs' in their name)
• Code must contain a call to a method ending with 'sequelize.query'
• The first argument to the sequelize.query() call must be identified as containing unsafe, user-controlled data
• The unsafe data flow is determined by tracing the argument back to sources that are not properly sanitized or validated
Vulnerable code example
import { Controller, Get, Param } from '@nestjs/common';
import { Sequelize } from 'sequelize';

@Controller('users')
export class UserController {
  constructor(private readonly sequelize: Sequelize) {}

  @Get('vulnerable/:id')...

✅ Secure code example
import { Controller, Get, Param } from '@nestjs/common';
import { Sequelize } from 'sequelize';

@Controller('users')
export class UserController {
  constructor(private readonly sequelize: Sequelize) {}

  @Get('vulnerable/:id')...
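The detection strategy above reduces to one question: does the untrusted value end up inside the SQL text passed as the first argument of sequelize.query(), or does it travel separately as a bound replacement? The following is an added example, not Fluid Attacks' detector code and not the NestJS or Sequelize projects' own code. It does not import either package; a small stand-in class (RecordingSequelize, an assumption for this example) records what query() receives instead of executing it, and query() is made synchronous for simplicity. The two lookup functions, findUserUnsafe and findUserSafe, are hypothetical names that mirror the vulnerable and secure controller handlers.

```typescript
// Stand-in for the subset of Sequelize's query() options used below
// (assumption: mirrors `replacements` and `type` from the real API).
type QueryOptions = {
  replacements?: Record<string, string | number>;
  type?: 'SELECT';
};

// What a sequelize.query() call receives: the SQL text (first argument)
// and the options object. Recording it lets us inspect, with no database,
// whether user data landed inside the SQL string.
interface QueryCall {
  sql: string;
  options: QueryOptions;
}

// Fake Sequelize instance: records arguments instead of executing them.
// The real query() is async; it is synchronous here to keep the example small.
class RecordingSequelize {
  public calls: QueryCall[] = [];
  query(sql: string, options: QueryOptions = {}): QueryCall {
    const call: QueryCall = { sql, options };
    this.calls.push(call);
    return call;
  }
}

// VULNERABLE: the route parameter is interpolated into the SQL text, so it
// reaches the first argument of sequelize.query() unsanitized. This is the
// data flow the detector reports.
function findUserUnsafe(sequelize: RecordingSequelize, id: string): QueryCall {
  return sequelize.query(`SELECT * FROM users WHERE id = ${id}`, { type: 'SELECT' });
}

// SAFE: the SQL text is a constant with a named placeholder; the user value
// travels in `replacements`, which Sequelize escapes when it builds the query.
function findUserSafe(sequelize: RecordingSequelize, id: string): QueryCall {
  return sequelize.query('SELECT * FROM users WHERE id = :id', {
    replacements: { id },
    type: 'SELECT',
  });
}

// Models the detector's condition: true when the untrusted value appears
// verbatim inside the SQL text handed to query().
function userDataInSqlText(call: QueryCall, userValue: string): boolean {
  return call.sql.includes(userValue);
}

// Constructed sample input: a value that is clearly not a plain numeric id.
const SAMPLE_INPUT = '1 OR 1=1';

// Stand-alone demonstration of both flows.
function demo(): { unsafeFlagged: boolean; safeFlagged: boolean } {
  const sequelize = new RecordingSequelize();
  const unsafeCall = findUserUnsafe(sequelize, SAMPLE_INPUT);
  const safeCall = findUserSafe(sequelize, SAMPLE_INPUT);
  return {
    unsafeFlagged: userDataInSqlText(unsafeCall, SAMPLE_INPUT), // true
    safeFlagged: userDataInSqlText(safeCall, SAMPLE_INPUT),     // false
  };
}

console.log(demo());
```

In the unsafe handler the recorded SQL text changes with every request, which is exactly what a taint trace from the route parameter to the first argument of query() detects. In the safe handler the SQL text is identical for every request and only `replacements.id` varies, so the detector's condition is never met.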