Merge pull request #597 from AikidoSec/report-sql-dialect

hansott · web-flow · commit e0f0a68e5c78 · 2025-05-08T15:46:00.000+02:00
Report SQL dialect in event metadata
diff --git a/library/agent/context/markUnsafe.test.ts b/library/agent/context/markUnsafe.test.ts
@@ -66,6 +66,7 @@ t.test("it works", async () => {
       source: "markUnsafe",
       metadata: {
         sql: 'SELECT * FROM "users" WHERE id = 1',
+        dialect: "PostgreSQL",
       },
       payload: "id = 1",
       pathsToPayload: [".[0]"],
@@ -94,6 +95,7 @@ t.test("it works", async () => {
       source: "markUnsafe",
       metadata: {
         sql: 'SELECT * FROM "users" WHERE id = 1',
+        dialect: "PostgreSQL",
       },
       payload: "id = 1",
       pathsToPayload: [".[0].somePropertyThatContainsSQL"],
diff --git a/library/vulnerabilities/sql-injection/checkContextForSqlInjection.test.ts b/library/vulnerabilities/sql-injection/checkContextForSqlInjection.test.ts
@@ -30,6 +30,7 @@ t.test("it returns correct path", async () => {
       pathsToPayload: [".id"],
       metadata: {
         sql: "SELECT * FROM users WHERE id = '1' OR 1=1; -- '",
+        dialect: "MySQL",
       },
       payload: "1' OR 1=1; --",
     }
diff --git a/library/vulnerabilities/sql-injection/checkContextForSqlInjection.ts b/library/vulnerabilities/sql-injection/checkContextForSqlInjection.ts
@@ -36,6 +36,7 @@ export function checkContextForSqlInjection({
           pathsToPayload: getPathsToPayload(str, context[source]),
           metadata: {
             sql: sql,
+            dialect: dialect.getHumanReadableName(),
           },
           payload: str,
         };
diff --git a/library/vulnerabilities/sql-injection/detectSQLInjection.test.ts b/library/vulnerabilities/sql-injection/detectSQLInjection.test.ts
@@ -361,3 +361,11 @@ function isNotSqlInjection(
     );
   }
 }
+
+t.test("get human readable name", async () => {
+  t.same(new SQLDialectGeneric().getHumanReadableName(), "Generic");
+  t.same(new SQLDialectMySQL().getHumanReadableName(), "MySQL");
+  t.same(new SQLDialectPostgres().getHumanReadableName(), "PostgreSQL");
+  t.same(new SQLDialectSQLite().getHumanReadableName(), "SQLite");
+  t.same(new SQLDialectClickHouse().getHumanReadableName(), "ClickHouse");
+});
diff --git a/library/vulnerabilities/sql-injection/dialects/SQLDialect.ts b/library/vulnerabilities/sql-injection/dialects/SQLDialect.ts
@@ -1,3 +1,4 @@
 export interface SQLDialect {
   getWASMDialectInt(): number;
+  getHumanReadableName(): string;
 }
diff --git a/library/vulnerabilities/sql-injection/dialects/SQLDialectClickHouse.ts b/library/vulnerabilities/sql-injection/dialects/SQLDialectClickHouse.ts
@@ -4,4 +4,7 @@ export class SQLDialectClickHouse implements SQLDialect {
   getWASMDialectInt(): number {
     return 3;
   }
+  getHumanReadableName(): string {
+    return "ClickHouse";
+  }
 }
diff --git a/library/vulnerabilities/sql-injection/dialects/SQLDialectGeneric.ts b/library/vulnerabilities/sql-injection/dialects/SQLDialectGeneric.ts
@@ -4,4 +4,7 @@ export class SQLDialectGeneric implements SQLDialect {
   getWASMDialectInt(): number {
     return 0;
   }
+  getHumanReadableName(): string {
+    return "Generic";
+  }
 }
diff --git a/library/vulnerabilities/sql-injection/dialects/SQLDialectMySQL.ts b/library/vulnerabilities/sql-injection/dialects/SQLDialectMySQL.ts
@@ -4,4 +4,7 @@ export class SQLDialectMySQL implements SQLDialect {
   getWASMDialectInt(): number {
     return 8;
   }
+  getHumanReadableName(): string {
+    return "MySQL";
+  }
 }
diff --git a/library/vulnerabilities/sql-injection/dialects/SQLDialectPostgres.ts b/library/vulnerabilities/sql-injection/dialects/SQLDialectPostgres.ts
@@ -4,4 +4,7 @@ export class SQLDialectPostgres implements SQLDialect {
   getWASMDialectInt(): number {
     return 9;
   }
+  getHumanReadableName(): string {
+    return "PostgreSQL";
+  }
 }
diff --git a/library/vulnerabilities/sql-injection/dialects/SQLDialectSQLite.ts b/library/vulnerabilities/sql-injection/dialects/SQLDialectSQLite.ts
@@ -4,4 +4,7 @@ export class SQLDialectSQLite implements SQLDialect {
   getWASMDialectInt(): number {
     return 12;
   }
+  getHumanReadableName(): string {
+    return "SQLite";
+  }
 }

Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,7 @@ t.test("it returns correct path", async () => {`
`30`	`30`	`pathsToPayload: [".id"],`
`31`	`31`	`metadata: {`
`32`	`32`	`sql: "SELECT * FROM users WHERE id = '1' OR 1=1; -- '",`
	`33`	`+ dialect: "MySQL",`
`33`	`34`	`},`
`34`	`35`	`payload: "1' OR 1=1; --",`
`35`	`36`	`}`
Original file line number	Diff line number	Diff line change
`@@ -361,3 +361,11 @@ function isNotSqlInjection(`
`361`	`361`	`);`
`362`	`362`	`}`
`363`	`363`	`}`
	`364`	`+`
	`365`	`+t.test("get human readable name", async () => {`
	`366`	`+ t.same(new SQLDialectGeneric().getHumanReadableName(), "Generic");`
	`367`	`+ t.same(new SQLDialectMySQL().getHumanReadableName(), "MySQL");`
	`368`	`+ t.same(new SQLDialectPostgres().getHumanReadableName(), "PostgreSQL");`
	`369`	`+ t.same(new SQLDialectSQLite().getHumanReadableName(), "SQLite");`
	`370`	`+ t.same(new SQLDialectClickHouse().getHumanReadableName(), "ClickHouse");`
	`371`	`+});`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
`1`	`1`	`export interface SQLDialect {`
`2`	`2`	`getWASMDialectInt(): number;`
	`3`	`+ getHumanReadableName(): string;`
`3`	`4`	`}`
Original file line number	Diff line number	Diff line change
`@@ -4,4 +4,7 @@ export class SQLDialectClickHouse implements SQLDialect {`
`4`	`4`	`getWASMDialectInt(): number {`
`5`	`5`	`return 3;`
`6`	`6`	`}`
	`7`	`+ getHumanReadableName(): string {`
	`8`	`+ return "ClickHouse";`
	`9`	`+ }`
`7`	`10`	`}`
Original file line number	Diff line number	Diff line change
`@@ -4,4 +4,7 @@ export class SQLDialectGeneric implements SQLDialect {`
`4`	`4`	`getWASMDialectInt(): number {`
`5`	`5`	`return 0;`
`6`	`6`	`}`
	`7`	`+ getHumanReadableName(): string {`
	`8`	`+ return "Generic";`
	`9`	`+ }`
`7`	`10`	`}`
Original file line number	Diff line number	Diff line change
`@@ -4,4 +4,7 @@ export class SQLDialectMySQL implements SQLDialect {`
`4`	`4`	`getWASMDialectInt(): number {`
`5`	`5`	`return 8;`
`6`	`6`	`}`
	`7`	`+ getHumanReadableName(): string {`
	`8`	`+ return "MySQL";`
	`9`	`+ }`
`7`	`10`	`}`
Original file line number	Diff line number	Diff line change
`@@ -4,4 +4,7 @@ export class SQLDialectPostgres implements SQLDialect {`
`4`	`4`	`getWASMDialectInt(): number {`
`5`	`5`	`return 9;`
`6`	`6`	`}`
	`7`	`+ getHumanReadableName(): string {`
	`8`	`+ return "PostgreSQL";`
	`9`	`+ }`
`7`	`10`	`}`
Original file line number	Diff line number	Diff line change
`@@ -4,4 +4,7 @@ export class SQLDialectSQLite implements SQLDialect {`
`4`	`4`	`getWASMDialectInt(): number {`
`5`	`5`	`return 12;`
`6`	`6`	`}`
	`7`	`+ getHumanReadableName(): string {`
	`8`	`+ return "SQLite";`
	`9`	`+ }`
`7`	`10`	`}`