Problem Statement
The backend uses raw query parameters like req.body directly in Mongoose queries without sanitization. This exposes the app to NoSQL injection attacks where attackers pass objects (e.g., {"$ne": null}) to bypass auth checks or query private chats of other users.
Proposed Solution
- Install
express-mongo-sanitize in the backend.
- Register the middleware in
backend/src/index.js to automatically sanitize keys starting with $ or containing ..
- Audit all database parameters in
message.controller.js and auth.controller.js to ensure variables are strictly cast or verified.
Alternatives Considered
Writing manual sanitizers for every endpoint, which is highly error-prone and hard to maintain.
Additional Context
Level: Critical
Affected Files: backend/src/index.js, backend/package.json
Can you please assign this issue to me? I would like to work on this.
Problem Statement
The backend uses raw query parameters like
req.bodydirectly in Mongoose queries without sanitization. This exposes the app to NoSQL injection attacks where attackers pass objects (e.g.,{"$ne": null}) to bypass auth checks or query private chats of other users.Proposed Solution
express-mongo-sanitizein the backend.backend/src/index.jsto automatically sanitize keys starting with$or containing..message.controller.jsandauth.controller.jsto ensure variables are strictly cast or verified.Alternatives Considered
Writing manual sanitizers for every endpoint, which is highly error-prone and hard to maintain.
Additional Context
Level: Critical
Affected Files:
backend/src/index.js,backend/package.jsonCan you please assign this issue to me? I would like to work on this.