Checkmarx Scans Won't Recognize Any Sanitization Methods in Node/Express


I have a Node.js Express app and I'm running a Checkmarx scanning tool on it. It is flagging things like request.path and request.url and saying that "The element's value flow through the code without being properly sanitized or validated".

I have tried all the major sanitizers (dompurify, xss, xss-filters, node-esapi, etc.) I have found online, including those recommended for Checkmarx scans on this post: How to sanitize the req.log.error in node js

I have also tried pure JavaScript solutions. But so far NOTHING has worked in satisfying the Checkmarx need for sanitization and validation in this Express app.

Does anyone have any idea what needs to be done to pass the Checkmarx scan for sanitization?
