this post was submitted on 02 Jul 2023
4 points (100.0% liked)

Mongo DB

40 readers
3 users here now

founded 2 years ago
MODERATORS
 

I get this is a long shot but hey, lets make some content.

I am trying to search (via mongodb commands) inside fields that contain the following example JSON content:

Each 'Details' field uses the same structure inside the collection:

[
    {
        "references": [
            "https://www.owasp.org/index.php/SQL_Injection",
            "https://cwe.mitre.org/data/definitions/89.html"
        ],
        "locale": "en",
        "title": "SQL injection is possible",
        "vulnType": "Web Application",
        "description": "<p>SQL injection (or SQLi)....</p>",
        "observation": "<p>The following endpoint and subsequent data extraction was found to be vulnerable to SQL injection:</p><p></p>",
        "remediation": "<p>The most effective way to prevent SQL....</p></li></ul>",
        "customFields": [
            {
                "customField": "631816bfcef08a001188c9d5",
                "text": "A03:2021-Injection"
            },
            {
                "customField": "631855d0cef08a001188ca0c",
                "text": ""
            },
            {
                "customField": "63198741cef08a001188ca38",
                "text": ""
            },
            {
                "customField": "638d3ff17406ad001120d10d",
                "text": "C3: Secure Database Access"
            },
            {
                "customField": "639680ce7406ad001120d196",
                "text": "Implementation"
            }
        ]
    }
]

I have tried assorted commands such as:

db.vulnerabilities.find({Details: {$regex: 'Web Application'}}
db.vulnerabilities.find({ Details: { $in: ["vulnType"]}})
db.vulnerabilities.find({ "details" : /vulnType/ }

These are shots in the dark clearly but I cant see an obvious way to look for specific strings or even json pairs. Any help would be appreciated.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] Peregrinus 2 points 2 years ago* (last edited 2 years ago)

So in case another visitor passes by, some nice individual on stackoverflow solved it for:

"Is the single entry array that you've provided representative of a single Details field in the documents? Are you looking for the query .find({ 'Details.vulnType': /Web Application/ })? โ€“ user20042973"

Fairly simple query, I just wasnt aware (as a noob) of mongo's ability to read the JSON contents and reference it directly.