sc-nosqli

What problem does it solve?

Detects NoSQL injection vulnerabilities in applications using MongoDB, Redis, CouchDB, DynamoDB, and Elasticsearch by identifying unsafe query construction and operator usage patterns.

Core Features & Use Cases

• Discovery of potential injection vectors by scanning source code and configuration files for NoSQL API usage patterns.
• Verification through examples and explained exploit patterns to confirm impact.
• Guidance for remediation including input validation, query sanitization, and safe database access practices.
• Use Case: A security engineer runs the scan over a microservice that handles user-supplied query parameters to identify dangerous query constructions.

Quick Start

Run the scanner against your project to identify Nosql injection risks.