Injections in Stripe Search Queries and How to Prevent Them

This page summarizes the projects mentioned and recommended in the original post on dev.to
Third-party APIs Stripe stripe-sdk

InfluxDB
Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • stripe-escape-input

    Prevent injections in Stripe search queries by escaping user input

  • Stripe

    PHP library for the Stripe API.

    • I was developing a backend that integrates Stripe to manage customers and to process subscriptions. In one use case, it should search for user input in the metadata of Stripe subscriptions. When I looked up the documentation about how to use the search functionality I came across the Search Query Language. It looked like users could easily inject their own additional query clauses. After a simple check: Yes, e.g. for the user input "124' OR status:'active" all active subscriptions are returned as well.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts