✨ (CodeQL) Fixed finding: "js/code-injection"

pixee · Aug 16, 2024 · eb6cc86 · eb6cc86
1 parent bc9cef1
commit eb6cc86
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/routes/showProductReviews.ts b/routes/showProductReviews.ts
@@ -31,7 +31,7 @@ module.exports = function productReviews () {
 
     // Measure how long the query takes, to check if there was a nosql dos attack
     const t0 = new Date().getTime()
-    db.reviews.find({ $where: 'this.product == ' + id }).then((reviews: Review[]) => {
+    db.reviews.find({ $expr: { $eq: ['$product', id] } }).then((reviews: Review[]) => {
       const t1 = new Date().getTime()
       challengeUtils.solveIf(challenges.noSqlCommandChallenge, () => { return (t1 - t0) > 2000 })
       const user = security.authenticatedUsers.from(req)

diff --git a/routes/trackOrder.ts b/routes/trackOrder.ts
@@ -15,7 +15,7 @@ module.exports = function trackOrder () {
     const id = utils.disableOnContainerEnv() ? String(req.params.id).replace(/[^\w-]+/g, '') : req.params.id
 
     challengeUtils.solveIf(challenges.reflectedXssChallenge, () => { return utils.contains(id, '<iframe src="javascript:alert(`xss`)">') })
-    db.orders.find({ $where: `this.orderId === '${id}'` }).then((order: any) => {
+    db.orders.find({ $expr: { $eq: ['$orderId', id] } }).then((order: any) => {
       const result = utils.queryResultToJson(order)
       challengeUtils.solveIf(challenges.noSqlOrdersChallenge, () => { return result.data.length > 1 })
       if (result.data[0] === undefined) {