HIGH sql injectionfeathersjs

Sql Injection in Feathersjs

Scan for sql injection in feathersjs

How Sql Injection Manifests in Feathersjs

Sql Injection in Feathersjs applications typically occurs through service method parameters that get passed directly to database queries without proper sanitization. The most common attack vectors include:

  • Query parameters in find, get, patch, update, and remove service methods
  • Custom service methods that construct raw SQL queries
  • Dynamic query building using user input

Here's a vulnerable Feathersjs service pattern:

const sql = "SELECT * FROM users WHERE id = " + req.params.id;
const result = await db.query(sql);

An attacker could inject 1 OR 1=1 to bypass authentication or 1; DROP TABLE users; to destroy data. Feathersjs's default service patterns can be particularly vulnerable when developers override the standard query handling.

Another common pattern involves using feathers-sequelize or feathers-mongoose with dynamic query construction:

const unsafeQuery = {
  [req.query.field]: req.query.value
};
const results = await context.app.service('messages').find({ query: unsafeQuery });

This allows attackers to manipulate query parameters to access unauthorized data or modify query logic. The $ne, $gt, $lt, and other MongoDB operators can be abused similarly in NoSQL injection scenarios.

Feathersjs-Specific Detection

Detecting Sql Injection vulnerabilities in Feathersjs applications requires examining both the codebase and runtime behavior. Static analysis should focus on:

  • Service methods that accept query parameters without validation
  • Custom SQL query construction in hooks or service methods
  • Dynamic query building using req.query or similar request data

middleBrick's black-box scanning approach is particularly effective for Feathersjs applications because it tests the actual API endpoints without requiring source code access. The scanner sends malicious payloads to your Feathersjs endpoints and analyzes the responses for injection indicators.

For Feathersjs applications using feathers-sequelize, middleBrick tests common injection patterns like:

curl -X GET "https://api.example.com/messages?email=' OR 1=1 --"

The scanner checks if the application returns unexpected results or error messages that reveal database structure. For NoSQL injection in feathers-mongoose, middleBrick tests for MongoDB operator injection like:

curl -X GET "https://api.example.com/users?email[$ne]=anything"

middleBrick also analyzes your OpenAPI/Swagger specification if provided, cross-referencing documented parameters with actual runtime behavior to identify mismatches that could indicate security issues. The scanner's 12 security checks include Input Validation testing specifically designed to catch injection vulnerabilities in API endpoints.

Feathersjs-Specific Remediation

Feathersjs provides several native mechanisms to prevent Sql Injection. The most effective approach is using parameterized queries through the framework's built-in query sanitization:

const { Op } = require('sequelize');
const safeQuery = {
  id: {
    [Op.eq]: req.params.id // Properly escaped
  }
};
const results = await context.app.service('users').find({ query: safeQuery });

For feathers-mongoose applications, use the built-in query validation:

const safeQuery = {
  email: req.query.email
};
const results = await context.app.service('users').find({ query: safeQuery });

Implement hooks for input validation and sanitization:

const { HookContext } = require('@feathersjs/feathers');

module.exports = function sanitizeQuery() {
  return async (context: HookContext) => {
    const { params: { query } } = context;
    
    // Remove potentially dangerous operators
    const dangerousOperators = ['$where', '$eval', '$mapReduce'];
    dangerousOperators.forEach(op => {
      if (query[op]) {
        delete query[op];
      }
    });
    
    // Validate data types
    if (query.id) {
      context.params.query.id = parseInt(query.id);
    }
    
    return context;
  };
};

For custom SQL queries, always use parameterized statements:

const results = await db.query(
  'SELECT * FROM users WHERE id = ?',
  [req.params.id] // Parameter binding prevents injection
);

middleBrick's CLI tool can be integrated into your development workflow to continuously scan your Feathersjs API:

npm install -g middlebrick
middlebrick scan https://api.yourapp.com

This provides immediate feedback on injection vulnerabilities before they reach production. For CI/CD integration, add middleBrick to your GitHub Actions workflow to fail builds when security scores drop below your threshold.

Related CWEs: inputValidation

CWE IDNameSeverity
CWE-20Improper Input Validation HIGH
CWE-22Path Traversal HIGH
CWE-74Injection CRITICAL
CWE-77Command Injection CRITICAL
CWE-78OS Command Injection CRITICAL
CWE-79Cross-site Scripting (XSS) HIGH
CWE-89SQL Injection CRITICAL
CWE-90LDAP Injection HIGH
CWE-91XML Injection HIGH
CWE-94Code Injection CRITICAL
Scan for sql injection in feathersjs Free API security scan

Frequently Asked Questions

How does middleBrick detect Sql Injection in Feathersjs applications?
middleBrick uses black-box scanning to send malicious payloads to your Feathersjs API endpoints, testing for injection vulnerabilities without requiring source code access. It checks for common injection patterns in both SQL and NoSQL contexts, analyzes error responses for database structure leakage, and tests against the 12 security checks including Input Validation. The scanner also analyzes your OpenAPI spec to identify parameter validation gaps.
Can middleBrick scan my Feathersjs API that uses authentication?
Yes, middleBrick can scan authenticated Feathersjs APIs. You can provide authentication credentials (API keys, JWT tokens, etc.) when configuring the scan. The scanner will include these credentials in requests to test the authenticated attack surface. For testing unauthenticated vulnerabilities specifically, you can also scan without credentials to see what an anonymous attacker could access.

Related Pages

Sql Injection in Feathersjs on AwsLearn how SQL injection manifests in FeathersJS on AWS, and apply concrete parameterized query fixes with AWS-specific cSql Injection in Feathersjs on AzureSQL Injection in Feathersjs with Azure: causes, secure code examples using Sequelize and Knex, Azure connection guidanceSql Injection in Feathersjs on DockerExplore SQL Injection in Feathersjs within Docker environments, understand exposure vectors, and apply concrete code andSql Injection in Feathersjs on DigitaloceanUnderstand SQL Injection risks in FeathersJS on DigitalOcean, with code examples and remediation steps.Owasp Api Top 10: Sql Injection in FeathersjsUnderstand SQL Injection in OWASP API Top 10 for FeathersJS, with secure code examples and remediation guidance. Learn hHipaa: Sql Injection in FeathersjsExplore how SQL injection in FeathersJS services impacts HIPAA compliance, with concrete code examples and remediation pGdpr: Sql Injection in FeathersjsExplore GDPR risks from SQL Injection in FeathersJS, with concrete secure code examples and remediation guidance.Nist: Sql Injection in FeathersjsLearn how NIST guidelines apply to SQL Injection in FeathersJS APIs, with concrete remediation code examples and hooks.Sql Injection in Feathersjs with Jwt TokensSQL injection in FeathersJS with JWT tokens explained. Learn how authentication does not prevent injection and apply parSql Injection in Feathersjs with Api KeysUnderstand SQL Injection risks in FeathersJS with API keys and apply concrete fixes like parameterized queries, input vaSql Injection in Feathersjs with Hmac SignaturesSQL Injection in FeathersJS with HMAC signatures: risk patterns and safe code examples using Knex parameterization and iSql Injection in Feathersjs with Basic AuthUnderstand SQL Injection risks in Feathersjs with Basic Auth and apply concrete fixes like parameterized Knex queries an