Golang MongoDB Driver NoSQL Injection

I am wondering if this MongoDB driver for Golang is susceptible to an injection attack:

https://github.com/mongodb/mongo-go-driver

Not able to find it documented, or glean it from the internal workings of the package.

It uses bson.D and bson.M internal map types for filtering, so it should be fairly easy to scrub the params and secure, just wondering if anyone knows for sure:

https://pkg.go.dev/go.mongodb.org/[email protected]/bson?tab=doc

For example, can we safely do something like this?

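    // Match documents whose "token" field equals token.
    filter := bson.D{{"token", token}}

    result := []struct {
        AccountID string `bson:"account_id"`
        Token     string `bson:"token"`
    }{}

    // coll is *mongo.Collection
    cur, err := d.coll.Find(ctx, filter)
    if err != nil {
        return err
    }

    // Decode every matching document into result.
    err = cur.All(ctx, &result)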

Thank you!
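An added example, not part of the original post and not code from the driver: a filter value that is a Go `string` is encoded as a BSON string and matched literally, so the thing to check is whether the value's type is chosen by the client, as happens when a JSON body is decoded into `interface{}`. `M` is a stand-in for the driver's `bson.M` so the block runs with the standard library only; the function names and request bodies are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// M stands in for bson.M (assumption: same underlying map type).
type M map[string]interface{}

// unsafeFilter copies whatever JSON type the client sent into the filter.
func unsafeFilter(body []byte) (M, error) {
	var req map[string]interface{}
	if err := json.Unmarshal(body, &req); err != nil {
		return nil, err
	}
	return M{"token": req["token"]}, nil
}

// safeFilter accepts only a non-empty JSON string for "token".
func safeFilter(body []byte) (M, error) {
	var req struct {
		Token string `json:"token"`
	}
	if err := json.Unmarshal(body, &req); err != nil {
		return nil, fmt.Errorf("rejecting request: %w", err)
	}
	if req.Token == "" {
		return nil, errors.New("token is required")
	}
	return M{"token": req.Token}, nil
}

// valueIsString reports whether the filter compares "token" to a string.
func valueIsString(f M) bool {
	_, ok := f["token"].(string)
	return ok
}

func main() {
	// Constructed bodies: a plain token and an object-valued token.
	for _, b := range []string{`{"token":"abc123"}`, `{"token":{"$ne":""}}`} {
		u, _ := unsafeFilter([]byte(b))
		s, err := safeFilter([]byte(b))
		fmt.Printf("%s\n  loose: %v string=%t\n  typed: %v err=%v\n",
			b, u, valueIsString(u), s, err)
	}
}
```
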
