NoSQL Injection Protection
Protection Module: NoSqlInjection
Prevents NoSQL injection attacks through query analysis and input validation.
Available for:
- ASP.NET Core
- ASP.NET Framework
- Azure Functions
How It Works
NoSQL Injection Protection analyzes queries to NoSQL databases to detect injection attempts.
Detection Methods:
- Operator Injection Detection - Identifies malicious operators ($where, $ne, etc.)
- JavaScript Injection - Detects JS code in MongoDB queries
- Query Structure Analysis - Validates query patterns
- JSON Payload Validation - Identifies malformed JSON attacks
- Type Confusion Detection - Detects type-based injection
Supported Databases:
- MongoDB
- Azure Cosmos DB
- RavenDB
- Couchbase
- Redis
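An added illustration of the operator-injection, type-confusion and malformed-JSON checks listed under Detection Methods, written for this page and not ByteHide's own detection logic. The `NoSqlInputCheck` class, the field names and the sample request bodies are assumptions made for the example; it uses only `System.Text.Json`.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

// Constructed request bodies: one benign, one per category above, one malformed.
string[] samples = {
    "{ \"username\": \"alice\", \"price\": 10 }",
    "{ \"username\": { \"$ne\": null } }",
    "{ \"price\": { \"$gt\": \"\" } }",
    "{ \"username\": ",
};
var scalarFields = new HashSet<string> { "username", "price" }; // assumed schema
foreach (string body in samples)
{
    List<string> findings = NoSqlInputCheck.Inspect(body, scalarFields);
    Console.WriteLine(findings.Count == 0 ? "ALLOW" : "REJECT: " + string.Join("; ", findings));
}

// Hypothetical helper: inspects a JSON body before its values reach a query filter.
static class NoSqlInputCheck
{
    public static List<string> Inspect(string json, ISet<string> scalarFields)
    {
        var findings = new List<string>();
        try
        {
            using JsonDocument doc = JsonDocument.Parse(json);
            Walk(doc.RootElement, "", scalarFields, findings);
        }
        catch (JsonException) { findings.Add("malformed JSON"); }
        return findings;
    }

    static void Walk(JsonElement element, string path, ISet<string> scalarFields, List<string> findings)
    {
        if (element.ValueKind == JsonValueKind.Array)
            foreach (JsonElement item in element.EnumerateArray())
                Walk(item, path, scalarFields, findings);
        if (element.ValueKind != JsonValueKind.Object) return;
        foreach (JsonProperty prop in element.EnumerateObject())
        {
            string child = path.Length == 0 ? prop.Name : path + "." + prop.Name;
            // Operator injection: client-supplied keys must never be query operators.
            if (prop.Name.StartsWith("$", StringComparison.Ordinal))
                findings.Add($"operator key '{prop.Name}' at '{child}'");
            // Type confusion: a field expected to be scalar arrives as an object or array.
            if (scalarFields.Contains(child) && prop.Value.ValueKind is JsonValueKind.Object or JsonValueKind.Array)
                findings.Add($"'{child}' must be a scalar, got {prop.Value.ValueKind}");
            Walk(prop.Value, child, scalarFields, findings);
        }
    }
}
```

Plain string values pass this check, so it does not cover the JavaScript Injection category, which depends on how a query later evaluates the string.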
Configuration
JSON
{
  "protections": {
    "NoSqlInjection": {
      "enabled": true,
      "action": "block"
    }
  }
}
ASP.NET Core
C#
builder.Services.AddBytehideMonitor(monitor => monitor
    .WithProtection(ProtectionModuleType.NoSqlInjection, ActionType.Block)
);
Attack Examples
MongoDB Operator Injection
JavaScript
// Input: { "username": { "$ne": null } }
// Status: BLOCKED
JavaScript Injection
JavaScript
// Input: { "username": "'; return true; var dummy='1" }
// Status: BLOCKED
Type Confusion
JSON
// Input: { "price": { "$gt": "" } }
// Status: BLOCKED
Platform Compatibility
| Platform | Support |
|---|---|
| ASP.NET Core | ✔ |
| ASP.NET Framework | ✔ |
| Azure Functions | ✔ |
Related Protections
- Actions - Configure responses