SOFTENG310-Team4 / SMARTJ

SMARTJ is a web application designed to help active job seekers practice their interview skills and find available jobs in their field of study. Developed by Team 4 as part of the SOFTENG 310 course at the University of Auckland.
MIT License

[FEAT] Security Issue with NOSQL injection #76

Closed axu732 closed 1 month ago

axu732 commented 1 month ago

Summary

After SonarCloud analysis, there is an issue where you can pass in an object that could cause harm to users.

Motivation

The reason why this should be added is to maintain the security of users and of the data stored within the database.

Detailed Description

In order to fix this, server.js should be edited to make sure that the inputs from the user are checked to see if they are truly emails or passwords by checking that they are string objects.

Possible Alternatives

Additional Context

Implementation

axu732 commented 1 month ago

This issue was fixed with the latest pull request (#79).
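
The string check described in the issue, as an added example (not code from SMARTJ's server.js or from pull request #79). The function names, the 254-character length limit and the sample request bodies are assumptions constructed for illustration; the middleware assumes an Express-style `req`/`res`/`next` with a JSON body parser already applied.

```javascript
// Added example; all names here are hypothetical, not taken from SMARTJ.

// Returns a list of problems; an empty list means every field is a plain string.
function validateCredentials(body, fields = ["email", "password"]) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return ["body must be a JSON object"];
  }
  const problems = [];
  for (const field of fields) {
    const value = body[field];
    // typeof rejects objects (e.g. a query-operator object), arrays,
    // numbers and missing fields, so only strings reach the database query.
    if (typeof value !== "string") {
      problems.push(`${field} must be a string`);
    } else if (value.length === 0 || value.length > 254) {
      // Length bound is an assumed limit, not a SMARTJ requirement.
      problems.push(`${field} has an invalid length`);
    }
  }
  return problems;
}

// Express-style middleware: answer 400 before the body reaches any query.
function requireStringCredentials(req, res, next) {
  const problems = validateCredentials(req.body);
  if (problems.length > 0) {
    return res.status(400).json({ error: "Invalid input", details: problems });
  }
  next();
}

// Constructed request bodies, as raw JSON a client could send.
const samples = [
  '{"email":"user@example.com","password":"correct-horse"}', // accepted
  '{"email":{"$ne":null},"password":{"$ne":null}}',          // objects, rejected
  '{"email":["user@example.com"],"password":"x"}',           // array, rejected
  '{"email":"user@example.com"}',                            // missing field
];

// true where the body passes validation, false where it is rejected.
function runSamples() {
  return samples.map((raw) => validateCredentials(JSON.parse(raw)).length === 0);
}

console.log(runSamples());
```

The check has to run on every route that copies request fields into a query filter, not only on login.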