security.misconfiguration

Harden Nest ValidationPipe with whitelist mode

Global ValidationPipe instances should enable whitelist-style stripping for unexpected fields.

#Metadata

Rule ID: ts.security.nestjs-validation-pipe-without-whitelist
Severity: medium
Confidence: 0.74
Languages: javascript, typescript
Presets: recommended, security, strict
Stability: experimental
Applies to: block
Tags: nestjs, rules-catalog, security

#Why it matters

Allowing undeclared fields preserves attack surface for mass-assignment style bugs.

#Remediation

Set whitelist: true, and usually forbidNonWhitelisted: true, on the global ValidationPipe.
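To show what the two options change for a handler, here is an added example that is not Critiq's or NestJS's code: a dependency-free model of the pipe's handling of undeclared fields. The names `applyPipe`, `createUser`, `CREATE_USER_FIELDS` and the sample payload are hypothetical and constructed for illustration; only the option names `whitelist` and `forbidNonWhitelisted` come from the rule text.

```typescript
// Added illustration: models how a global ValidationPipe treats undeclared
// fields. Not NestJS code; every function and constant here is hypothetical.
type Body = Record<string, unknown>;

interface PipeOptions {
  whitelist?: boolean;            // strip properties the DTO does not declare
  forbidNonWhitelisted?: boolean; // with whitelist on, reject instead of strip
}

// Fields a hypothetical CreateUserDto declares with validation decorators.
const CREATE_USER_FIELDS: readonly string[] = ["email", "displayName"];

// Returns the body the route handler would receive, or throws on rejection.
function applyPipe(body: Body, declared: readonly string[], opts: PipeOptions = {}): Body {
  const extras = Object.keys(body).filter((k) => declared.indexOf(k) === -1);
  // Without whitelist mode, undeclared fields pass through untouched.
  if (!opts.whitelist || extras.length === 0) return { ...body };
  if (opts.forbidNonWhitelisted) {
    throw new Error(`unexpected properties: ${extras.join(", ")}`);
  }
  const clean: Body = {};
  for (const k of declared) {
    if (k in body) clean[k] = body[k];
  }
  return clean;
}

// Common handler pattern: server defaults merged with the DTO. An unstripped
// body lets the client overwrite "role" (the mass-assignment style bug).
function createUser(dto: Body): Body {
  return { role: "user", ...dto };
}

// Constructed request body carrying one field the DTO never declared.
const samplePayload: Body = { email: "a@example.test", displayName: "A", role: "admin" };

function roleAfter(opts: PipeOptions): unknown {
  return createUser(applyPipe(samplePayload, CREATE_USER_FIELDS, opts)).role;
}

function rejects(opts: PipeOptions): boolean {
  try { applyPipe(samplePayload, CREATE_USER_FIELDS, opts); return false; } catch { return true; }
}

console.log(roleAfter({}), roleAfter({ whitelist: true }));
console.log(rejects({ whitelist: true, forbidNonWhitelisted: true }));
```

In the model, as in the real pipe, `forbidNonWhitelisted` has no effect unless `whitelist` is also enabled, which is why the remediation sets both.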

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.nestjs-validation-pipe-without-whitelist.rule.yaml.