Typescript Nest Mssql Injection
Description
This vulnerability detector identifies SQL injection vulnerabilities in TypeScript NestJS applications using the MSSQL library. It detects unsafe SQL query construction where user-controllable data flows into SQL execution methods without proper sanitization or parameterization, potentially allowing attackers to manipulate database queries.
Detection Strategy
• The code must import the NestJS framework (@nestjs package) and have access to the mssql library with a valid import alias
• The detector identifies method calls that end with specific MSSQL execution methods (query sinks like .query, .batch, .execute, etc.)
• The method call must be made on an MSSQL object instance created through mssql.Request, mssql.ConnectionPool, mssql.PreparedStatement, or obtained via a .request method call
• The first argument (SQL query parameter) to the MSSQL execution method must contain unsafe, user-controllable data that is not properly sanitized or parameterized
• All conditions must be met simultaneously: NestJS framework usage, MSSQL library presence, vulnerable execution method calls on MSSQL objects, and unsafe SQL query arguments
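The four conditions above can be approximated with a small text-based check. This is an added example, not the detector's own code: findMssqlInjection, the sample sources, and the rule that "unsafe" means template interpolation or string concatenation in the first argument are all assumptions made for illustration. A real detector tracks data flow instead.

```typescript
// Simplified, text-based approximation of the detection strategy above.
// Assumption: "unsafe" means the first argument is built by template
// interpolation or string concatenation; a real detector tracks data flow.
const SINKS = ["query", "batch", "execute"]; // sinks named on the page

function findMssqlInjection(source: string): string[] {
  // Condition 1: the NestJS framework is imported.
  if (!/from\s+['"]@nestjs\//.test(source)) return [];
  // Condition 2: mssql is imported under a known alias.
  const alias = /import\s+(?:\*\s+as\s+)?(\w+)\s+from\s+['"]mssql['"]/.exec(source);
  if (!alias) return [];
  // Condition 3: collect variables that hold an mssql object.
  const ctor = new RegExp(
    "(?:const|let|var)\\s+(\\w+)\\s*=\\s*(?:await\\s+)?(?:new\\s+" + alias[1] +
    "\\.(?:Request|ConnectionPool|PreparedStatement)\\b|[\\w.]+\\.request\\s*\\()", "g");
  const objects: string[] = [];
  let m: RegExpExecArray | null;
  while ((m = ctor.exec(source)) !== null) objects.push(m[1]);
  if (objects.length === 0) return [];
  // Condition 4: a sink call whose first argument is dynamically built SQL.
  const call = new RegExp(
    "\\b(" + objects.join("|") + ")\\.(" + SINKS.join("|") + ")\\s*\\(([^;]*)", "g");
  const findings: string[] = [];
  while ((m = call.exec(source)) !== null) {
    const arg = m[3];
    const interpolated = /`[^`]*\$\{/.test(arg);
    const concatenated = /['"`]\s*\+|\+\s*['"`]/.test(arg);
    if (interpolated || concatenated) findings.push(m[1] + "." + m[2]);
  }
  return findings;
}

// Constructed sample inputs (not taken from the page).
const HEADER = "import { Controller, Get, Param } from '@nestjs/common';\n" +
  "import * as sql from 'mssql';\nconst request = new sql.Request();\n";
const VULNERABLE = HEADER +
  "return request.query(`SELECT * FROM users WHERE id = ${id}`);";
const SAFE = HEADER + "request.input('id', sql.Int, id);\n" +
  "return request.query('SELECT * FROM users WHERE id = @id');";

console.log(findMssqlInjection(VULNERABLE), findMssqlInjection(SAFE));
```

The parameterized sample binds the value with request.input and keeps the SQL text constant, so it produces no finding.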
Vulnerable code example
import { Controller, Get, Param } from '@nestjs/common';
import * as sql from 'mssql';

@Controller('users')
export class UserController {
  @Get(':id')
  async getUser(@Param('id') id: string) {
    const request = new sql.Request();
    ...
✅ Secure code example
import { Controller, Get, Param } from '@nestjs/common';
import * as sql from 'mssql';

@Controller('users')
export class UserController {
  @Get(':id')
  async getUser(@Param('id') id: string) {
    const request = new sql.Request();
    ...