thank_you 83f28bfdda Catch any keyword argument passed to MongoEngine's objects method ...

After some research, we discovered that any keyword argument passed to the objects method will result in NoSQL injection. This includes scenarios where we have the following:

objects(name_of_model_attribute=unsanitized_user_input)

2021-04-07 16:45:48 -04:00

..

.vscode

Python: Remove type-tracking snippets for framework modeling

2021-02-17 13:14:23 +01:00

change-notes

Merge pull request #5500 from RasmusWL/django-forms

2021-03-25 20:43:19 +01:00

config/suites/lgtm

Drop: ImportAdditionalLibraries.ql

2019-06-28 15:53:07 +02:00

ql

Catch any keyword argument passed to MongoEngine's objects method

2021-04-07 16:45:48 -04:00

tools/recorded-call-graph-metrics

Python: Remove unnecessary comment

2020-09-07 15:06:07 +02:00

upgrades

Python: Autoformat everything using qlformat.

2020-07-07 15:43:52 +02:00