Assert error message

AikidoSec · Jan 30, 2024 · 2eb4355 · 2eb4355
1 parent 9d6c7c8
commit 2eb4355
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/library/src/integrations/MongoDB.test.ts b/library/src/integrations/MongoDB.test.ts
@@ -34,7 +34,7 @@ t.test("we can highjack the MongoDB library", async () => {
       { title: "Title" }
     );
 
-    await t.rejects(async () => {
+    const error = await t.rejects(async () => {
       await runWithContext(
         {
           aikido: new Aikido(new LoggerNoop(), new APIForTesting(), undefined),
@@ -57,6 +57,12 @@ t.test("we can highjack the MongoDB library", async () => {
         }
       );
     });
+    if (error instanceof Error) {
+      t.equal(
+        error.message,
+        "Blocked NoSQL injection for MongoDB.Collection.find(...), please check body (.title)!"
+      );
+    }
 
     await runWithContext(
       {

diff --git a/library/src/integrations/MongoDB.ts b/library/src/integrations/MongoDB.ts
@@ -46,7 +46,7 @@ export class MongoDB implements Integration {
                 const result = detectNoSQLInjection(context.request, filter);
 
                 if (result.injection) {
-                  const message = `Blocked NoSQL injection for MongoDB.Collection.${operation}(...), please check ${friendlyName(result.source)}!`;
+                  const message = `Blocked NoSQL injection for MongoDB.Collection.${operation}(...), please check ${friendlyName(result.source)} (${result.path})!`;
                   context.aikido.report({
                     source: result.source,
                     kind: "nosql-injection",