Issue 2: No Input Validation on req.query.body
Description
req.query.body is passed directly into Elasticsearch queries without any validation
or sanitisation across multiple routes. In /all-data-by-free-text, it is also passed
through JSON.parse() with no try/catch, meaning a missing or malformed query string
will throw an unhandled exception and crash the request.
Location
router.get("/all-data-by-free-text", ...)
router.get("/source-data-by-entity", ...)
router.get("/auto-suggest", ...)
router.get("/details", ...)
Buggy Code
const query = JSON.parse(req.query.body);
Fix
let query;
try {
query = JSON.parse(req.query.body);
} catch (e) {
return res.status(400).send({ error: "Invalid query body: must be valid JSON" });
}
if (!query || typeof query !== "object") {
return res.status(400).send({ error: "Query body must be a non-empty JSON object" });
}Impact
- Severity: Critical
- Unhandled
SyntaxError crashes the route on malformed input
- Unsanitised input passed to Elasticsearch can lead to query injection
- Affects nearly all routes in this router
Issue 2: No Input Validation on
req.query.bodyDescription
req.query.bodyis passed directly into Elasticsearch queries without any validationor sanitisation across multiple routes. In
/all-data-by-free-text, it is also passedthrough
JSON.parse()with no try/catch, meaning a missing or malformed query stringwill throw an unhandled exception and crash the request.
Location
router.get("/all-data-by-free-text", ...)router.get("/source-data-by-entity", ...)router.get("/auto-suggest", ...)router.get("/details", ...)Buggy Code
Fix
Impact
SyntaxErrorcrashes the route on malformed input