Prevent false positives for SQL keywords #164

Merged
merged 10 commits into from
Apr 17, 2024

hansott
Member

@hansott hansott commented Apr 16, 2024

No description provided.

hansott added 6 commits April 16, 2024 15:34
SELECT * FROM users WHERE id = 1;

if "SELECT" occurs somewhere in the body, query parameters, ... the
    query will be flagged as SQL injection

If the user input is exactly an SQL keyword, we can ignore it.

It's only when keywords are combined with other things...
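
The false positive these commit messages describe, as an added example that is not the project's own detection code: a naive heuristic flags any user input that appears in the query and contains a keyword, while the refined one ignores input that is exactly one keyword. The keyword list, function names and sample queries are constructed for this illustration.

```javascript
// Added illustration; not the project's detection code.
// Constructed keyword list (the project's own SQL_KEYWORDS list is not shown on this page).
const EXAMPLE_SQL_KEYWORDS = [
  "SELECT", "FROM", "WHERE", "UNION", "INSERT", "UPDATE", "DELETE", "DROP", "OR", "AND",
];

// True when the input contains at least one keyword as a whole word.
function containsSqlKeyword(userInput) {
  return EXAMPLE_SQL_KEYWORDS.some((kw) =>
    new RegExp("\\b" + kw + "\\b", "i").test(userInput)
  );
}

// True when the input is nothing but a single keyword (case-insensitive).
function isExactSqlKeyword(userInput) {
  return EXAMPLE_SQL_KEYWORDS.includes(userInput.toUpperCase());
}

// Naive heuristic: flag when the input appears in the query and contains a keyword.
function naiveFlag(query, userInput) {
  if (userInput.length === 0) return false;
  const appears = query.toUpperCase().includes(userInput.toUpperCase());
  return appears && containsSqlKeyword(userInput);
}

// Refined heuristic: a bare keyword is ignored; a keyword combined with
// other text is still checked.
function refinedFlag(query, userInput) {
  if (isExactSqlKeyword(userInput)) return false;
  return naiveFlag(query, userInput);
}

// Constructed cases: the first two are the false positive, the third is a
// keyword combined with other text, the fourth contains no keyword.
const CASES = [
  { query: "SELECT * FROM users WHERE id = 1;", input: "SELECT" },
  { query: "SELECT * FROM users WHERE id = 1;", input: "select" },
  { query: "SELECT * FROM users WHERE id = 1 OR 1=1;", input: "1 OR 1=1" },
  { query: "SELECT * FROM users WHERE name = 'hans';", input: "hans" },
];

function runCases() {
  return CASES.map(({ query, input }) => ({
    input, naive: naiveFlag(query, input), refined: refinedFlag(query, input),
  }));
}

console.log(runCases());
```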

codecov bot commented Apr 16, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅


SQL_STRING_CHARS,
} from "./config";

t.test("SQL_KEYWORDS are valid", async () => {
Member

what is meant by valid here?

This comment was marked as outdated.

Member Author

Updated the test names 👍

@willem-delbare willem-delbare merged commit 933d2b3 into main Apr 17, 2024
10 checks passed
@willem-delbare willem-delbare deleted the patch-select branch April 17, 2024 08:07