6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"find elements values are flows through the code without properly sanitized or validated. This may enable an second order SQL injection attack\",\"text\":\"

tags = mycoll.find({"category": "movie"}).distinct("tags")\\n

\\n

I have used above code in django and feel it's there is no issue with\\nBut checkmarx throwing error

\\n

Help?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Kanna\"},\"upvoteCount\":1,\"answerCount\":0,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","pymongo",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/pymongo/1","children":"pymongo"}]}],["$","span","sql-injection",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/sql-injection/1","children":"sql-injection"}]}],["$","span","checkmarx",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/checkmarx/1","children":"checkmarx"}]}],["$","span","secure-coding",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/secure-coding/1","children":"secure-coding"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/0c4a59880691ba12981862b9d26d7d57?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"Kanna","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/9574396/kanna","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Kanna"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",145]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"find elements values are flows through the code without properly sanitized or validated. This may enable an second order SQL injection attack"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

tags = mycoll.find({"category": "movie"}).distinct("tags")\n

I have used above code in django and feel it's there is no issue with\nBut checkmarx throwing error

Help?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",1]}],["$","p",null,{"children":["Views: ",305]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",0,")"]}],[]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","53577428",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/53577428","className":"text-blue-600 hover:underline","children":"Using Find in pymongo"}]}],["$","li","70732216",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/70732216","className":"text-blue-600 hover:underline","children":"Why is PyMySQL not vulnerable to SQL injection attacks?"}]}],["$","li","51647301",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/51647301","className":"text-blue-600 hover:underline","children":"How do PyMySQL prevent user from sql injection attack?"}]}],["$","li","69273792",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/69273792","className":"text-blue-600 hover:underline","children":"Optional find() parameter in MongoDB when searching for values"}]}],["$","li","64869798",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/64869798","className":"text-blue-600 hover:underline","children":"Odoo E8103: SQL injection risk. Use parameters if you can"}]}],["$","li","35434911",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/35434911","className":"text-blue-600 hover:underline","children":"Pymongo.find() only return answer"}]}],["$","li","23474628",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/23474628","className":"text-blue-600 hover:underline","children":"PyMongo find by multiple values"}]}],["$","li","14672046",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/14672046","className":"text-blue-600 hover:underline","children":"Pymongo ORM injection? Sanitizing input"}]}],["$","li","14150077",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/14150077","className":"text-blue-600 hover:underline","children":"Sanitizing user input when inserting nested fields with pymongo"}]}],["$","li","9208578",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/9208578","className":"text-blue-600 hover:underline","children":"Is it possible to use "find" method with "javascript" query with pymongo?"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

find elements values are flows through the code without properly sanitized or validated. This may enable an second order SQL injection attack

Answers (0)

Related Questions