Hello and welcome to the Friday, February 21st,

2025 edition of the Sands and at Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Well, in Diaries today, we had one by Guy showing us how to use the elastic search piped query language in order to do a little bit more

interesting queries against Honeypot data using some of the reasoned expansions to that query

language. Nice little use of Honeypot data, really just to gain some experience with these query features

in a more sane environment before sort of rolling something like this into production

and actually deploying it to your Elasticsearch instance and build dashboards around it.

Well, and if you're using MongoDB, be aware there is an interesting injection

vulnerability.

Not calling it here sequel injection, even though some of the write-ups call it that way,

but Mongo technically is no sequel, but the vulnerability is very similar.

And it's actually not in Mongo itself.

Remember, we had recently that Postgres vulnerability,

where an associated database had the actual injection problem.

Similar here, there is a library called Mongoose.

Mongo's is an object data modeling library.

It simplifies queries by basically just allowing you to store, retrieve JavaScript objects from MongoDB. Mungoos does then the rewriting into the actual query language. Well, that's going wrong here. There were actually earlier patches late last year that were not sufficient.

So definitely make sure that if you're using MongoDB and if you're using Mongo's as sort of that in immediate layer to query MongoDB, that you have everything up to date.

Seems true for many of these object relational mapping, object, data mapping, libraries.

They abstract a lot of the underlying query languages,

but as a result, of course, you're relying on these libraries to do any escaping,

...