-
-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathtesting.java
More file actions
40 lines (35 loc) · 1.6 KB
/
testing.java
File metadata and controls
40 lines (35 loc) · 1.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
import utils = require('../lib/utils')
import { Request, Response } from 'express'
const db = require('../a/mongodb')
module.exports = function trackOrder () {
return (req: Request, res: Response) => {
const id = foo.a() ? String(req.params.id) : req.params.id
// ruleid: express-mongo-nosqli
db.a.find({ $where: `this.orderId === '${id}'` })
// ok: express-mongo-nosqli
db.a.find({ $where: `this.orderId === '${a}'` })
// ruleid: express-mongo-nosqli
db.a.find({ $where: "this.orderId" === req.params.id })
// ruleid: express-mongo-nosqli
db.a.update({ _id: req.body.id })
// ok: express-mongo-nosqli
db.a.find({ $where: "this.orderId" === req.params.id.toString() })
// ruleid: express-mongo-nosqli
db.findOne({username: req.body.user, password: req.body.pass, isActive: true},function(err, result){})
}
}
var mongo = require('mongodb')
function authenticate(req, res){
mongo.connect('mongodb://me:96/users', function(err, db){
// ruleid: express-mongo-nosqli
db.findOne({username: req.body.user, password: req.body.pass, isActive: true},function(err, result){
});
// ok: express-mongo-nosqli
db.findOne({username: mongo.ObjectId(req.body.user), password: mongo.ObjectId(req.body.pass), isActive: true},function(err, result){
// ok: express-mongo-nosqli
db.findOne({username: String(req.body.user), password: String(req.body.pass), isActive: true},function(err, result){})
// ok: express-mongo-nosqli
db.findOne({username: req.body.user.toString(), password: req.body.pass.toString(), isActive: true},function(err, result){})
});
});
}