Merge pull request #490 from AikidoSec/update-zen-internals

willem-delbare · web-flow · commit ef592e3aade1 · 2025-01-03T12:14:14.000+01:00
AIK-4113: Update Zen internals to v0.1.34
diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-INTERNALS_VERSION = v0.1.32
+INTERNALS_VERSION = v0.1.34
 INTERNALS_URL = https://github.com/AikidoSec/zen-internals/releases/download/$(INTERNALS_VERSION)
 TARBALL = zen_internals.tgz
 CHECKSUM_FILE = zen_internals.tgz.sha256sum
diff --git a/library/vulnerabilities/sql-injection/detectSQLInjection.sqlite.test.ts b/library/vulnerabilities/sql-injection/detectSQLInjection.sqlite.test.ts
@@ -23,6 +23,13 @@ t.test("It ignores postgres dollar signs", async () => {
   isNotSQLInjection("SELECT $tag$text$tag$", "$tag$text$tag$");
 });
 
+t.test("$$ is treated as placeholder", async () => {
+  isSqlInjection(
+    "SELECT * FROM users WHERE id = '1' OR $$ IS NULL -- '",
+    "1' OR $$ IS NULL -- "
+  );
+});
+
 function isSqlInjection(sql: string, input: string) {
   t.same(detectSQLInjection(sql, input, new SQLDialectSQLite()), true, sql);
 }

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-INTERNALS_VERSION = v0.1.32`
	`1`	`+INTERNALS_VERSION = v0.1.34`
`2`	`2`	`INTERNALS_URL = https://github.com/AikidoSec/zen-internals/releases/download/$(INTERNALS_VERSION)`
`3`	`3`	`TARBALL = zen_internals.tgz`
`4`	`4`	`CHECKSUM_FILE = zen_internals.tgz.sha256sum`