Add input sanitization middleware to protect the API from NoSQL injection attacks, particularly targeting MongoDB query operators (e.g., $, .).
What Needs to Be Done:

- Install and configure a sanitization library (e.g., express-mongo-sanitize).
- Apply the middleware globally in server.js.
- Ensure request bodies, query parameters, and params are sanitized before reaching controllers.
- Verify that existing endpoints continue to function correctly.
- Confirm that malicious inputs (e.g., { "$gt": "" }) are blocked or sanitized properly.
The goal is to harden the API against injection-based attacks and improve overall security posture without affecting legitimate requests.
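Added example, not code from this issue, from the project, or from express-mongo-sanitize itself: a dependency-free recreation of the key-stripping that library performs (dropping any object key that begins with `$` or contains `.`), wrapped in the same `(req, res, next)` middleware shape Express uses, so the behaviour of the steps above can be checked offline. The names `sanitize`, `mongoSanitizeMiddleware` and `runThroughMiddleware` are hypothetical, and the two request objects are constructed samples, not captured traffic. In the real server.js the project would `app.use(mongoSanitize())` from the library instead of this stand-in.

```javascript
// Added example: stand-in for express-mongo-sanitize so the effect of the
// middleware can be demonstrated without the dependency. Not the library's code.

// A key is dangerous if MongoDB could read it as an operator ($gt, $ne, $where...)
// or as a dotted field path (a.b). Same rule express-mongo-sanitize applies by default.
const FORBIDDEN_KEY = /^\$|\./;

// Recursively copy an object/array, dropping every forbidden key (and its subtree).
// Primitives are returned unchanged; arrays keep their order.
function sanitize(value) {
  if (Array.isArray(value)) return value.map(sanitize);
  if (value === null || typeof value !== 'object') return value;
  const clean = {};
  for (const [key, inner] of Object.entries(value)) {
    if (FORBIDDEN_KEY.test(key)) continue; // remove the offending key entirely
    clean[key] = sanitize(inner);
  }
  return clean;
}

// Express-style middleware (hypothetical name): sanitize req.body, req.query and
// req.params before any controller runs, then hand off with next().
function mongoSanitizeMiddleware() {
  return function (req, res, next) {
    for (const prop of ['body', 'query', 'params']) {
      if (req[prop] && typeof req[prop] === 'object') {
        req[prop] = sanitize(req[prop]);
      }
    }
    next();
  };
}

// Demonstration helper: push a hand-built request through the middleware and
// return what the controller would see, plus whether next() was reached.
function runThroughMiddleware(req) {
  let reached = false;
  mongoSanitizeMiddleware()(req, {}, () => { reached = true; });
  return { req, reached };
}

// Constructed sample 1: the operator payload named in the issue, sent as a password,
// plus a dotted key in the query string.
const maliciousLogin = {
  body: { username: 'alice', password: { $gt: '' } },
  query: { 'filter.role': 'admin', page: '2' },
  params: { id: '507f1f77bcf86cd799439011' },
};

// Constructed sample 2: an ordinary request that must pass through unchanged.
const legitimateLogin = {
  body: { username: 'alice', password: 'correct horse battery staple' },
  query: { page: '2' },
  params: { id: '507f1f77bcf86cd799439011' },
};

const clone = (o) => JSON.parse(JSON.stringify(o));

const afterMalicious = runThroughMiddleware(clone(maliciousLogin));
const afterLegit = runThroughMiddleware(clone(legitimateLogin));

// { username: 'alice', password: {} } -- the $gt operator is gone, so a query such as
// findOne({ username, password }) can no longer be turned into "password > ''".
console.log('malicious body after middleware:', JSON.stringify(afterMalicious.req.body));
// { page: '2' } -- the dotted key was dropped, the legitimate one kept.
console.log('malicious query after middleware:', JSON.stringify(afterMalicious.req.query));
// Legitimate request is byte-for-byte unchanged.
console.log('legitimate request unchanged:',
  JSON.stringify(afterLegit.req) === JSON.stringify(legitimateLogin));
```

Note what the sanitized result looks like: the password field becomes `{}`, not a string. That is enough to defeat the operator injection, but it also shows why step 5 above is a check on the middleware, not a replacement for validation in controllers, which should still reject a non-string password (or any field of the wrong type) before building a query from it.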