Move to separate file

library/src/vulnerabilities/sql-injection/dangerousCharsInInput.ts

@@ -0,0 +1,17 @@
+import { SQL_DANGEROUS_IN_STRING } from "./config.json";
+
+const dangerousInStringRegex = new RegExp(
+  SQL_DANGEROUS_IN_STRING.join("|"),
+  "im"
+);
+
+/**
+ * This function is the second step to determine if an SQL Injection is happening,
+ * If the user input contains characters that should never end up in a query, not
+ * even in a string, this function returns true.
+ * @param userInput The user input you want to check
+ * @returns True if characters are present
+ */
+export function dangerousCharsInInput(userInput: string): boolean {
+  return dangerousInStringRegex.test(userInput);
+}

library/src/vulnerabilities/sql-injection/detectSQLInjection.test.ts

@@ -1,8 +1,8 @@
 import * as t from "tap";
 import * as fs from "fs";
 import * as path from "path";
+import { dangerousCharsInInput } from "./dangerousCharsInInput";
 import {
-  dangerousCharsInInput,
   detectSQLInjection,
   userInputOccurrencesSafelyEncapsulated,
   queryContainsUserInput,

library/src/vulnerabilities/sql-injection/detectSQLInjection.ts

@@ -1,18 +1,15 @@
 import { Agent } from "../../agent/Agent";
 import { Context } from "../../agent/Context";
-import { Source, friendlyName } from "../../agent/Source";
+import { friendlyName, Source } from "../../agent/Source";
 import { extractStringsFromUserInput } from "../../helpers/extractStringsFromUserInput";
 
 /* We make use of double backslashes to create a single backslash in the RegEx
  * SQL Operators : = ! ; + - * / % & | ^ > <
  * Dangerous characters in strings : \ ' " ` /* --
  */
-import {
-  SQL_KEYWORDS,
-  SQL_OPERATORS,
-  SQL_DANGEROUS_IN_STRING,
-  SQL_STRING_CHARS,
-} from "./config.json";
+import { SQL_STRING_CHARS } from "./config.json";
+import { dangerousCharsInInput } from "./dangerousCharsInInput";
+import { userInputContainsSQLSyntax } from "./userInputContainsSQLSyntax";
 
 /**
  * This function executes 2 checks to see if something is or is not an SQL Injection :
@@ -50,41 +47,6 @@ export function detectSQLInjection(query: string, userInput: string) {
   return userInputContainsSQLSyntax(userInput);
 }
 
-const dangerousInStringRegex = new RegExp(
-  SQL_DANGEROUS_IN_STRING.join("|"),
-  "im"
-);
-const matchSqlKeywords =
-  "(?<![a-z])(" + // Lookbehind : if the keywords are preceded by one or more letters, it should not match
-  SQL_KEYWORDS.join("|") + // Look for SQL Keywords
-  ")(?![a-z])"; // Lookahead : if the keywords are followed by one or more letters, it should not match
-
-const matchSqlOperators = `(${SQL_OPERATORS.join("|")})`;
-
-const matchSqlFunctions =
-  "(?<=([\\s|.|" + // Lookbehind : A sql function should be preceded by spaces, dots,
-  SQL_OPERATORS.join("|") + // Or sql operators
-  "]|^)+)" +
-  "([a-z0-9_-]+)" + // The name of a sql function can include letters, numbers, "_" and "-"
-  "(?=[\\s]*\\()"; // Lookahead : A sql function should be followed by a "(" , spaces are allowed.
-
-const possibleSqlRegex = new RegExp(
-  // Match one or more of : sql keywords, sql operators, sql functions
-  `${matchSqlKeywords}|${matchSqlOperators}|${matchSqlFunctions}`,
-  "im"
-);
-
-/**
- * This function is the first check in order to determine if a SQL injection is happening,
- * If the user input contains the necessary characters or words for a SQL injection, this
- * function returns true.
- * @param userInput The user input you want to check
- * @returns True when this is a possible SQL Injection
- */
-export function userInputContainsSQLSyntax(userInput: string): boolean {
-  return possibleSqlRegex.test(userInput);
-}
-
 /**
  * This function is the first step to determine if an SQL Injection is happening,
  * If the sql statement contains user input, this function returns true (case-insensitive)
@@ -99,17 +61,6 @@ export function queryContainsUserInput(query: string, userInput: string) {
   return lowercaseSql.includes(lowercaseInput);
 }
 
-/**
- * This function is the second step to determine if an SQL Injection is happening,
- * If the user input contains characters that should never end up in a query, not
- * even in a string, this function returns true.
- * @param userInput The user input you want to check
- * @returns True if characters are present
- */
-export function dangerousCharsInInput(userInput: string): boolean {
-  return dangerousInStringRegex.test(userInput);
-}
-
 /**
  * This function is the third step to determine if an SQL Injection is happening,
  * This checks if **all** occurrences of our input are encapsulated as strings.

library/src/vulnerabilities/sql-injection/userInputContainsSQLSyntax.ts

@@ -0,0 +1,32 @@
+import { SQL_KEYWORDS, SQL_OPERATORS } from "./config.json";
+
+const matchSqlKeywords =
+  "(?<![a-z])(" + // Lookbehind : if the keywords are preceded by one or more letters, it should not match
+  SQL_KEYWORDS.join("|") + // Look for SQL Keywords
+  ")(?![a-z])"; // Lookahead : if the keywords are followed by one or more letters, it should not match
+
+const matchSqlOperators = `(${SQL_OPERATORS.join("|")})`;
+
+const matchSqlFunctions =
+  "(?<=([\\s|.|" + // Lookbehind : A sql function should be preceded by spaces, dots,
+  SQL_OPERATORS.join("|") + // Or sql operators
+  "]|^)+)" +
+  "([a-z0-9_-]+)" + // The name of a sql function can include letters, numbers, "_" and "-"
+  "(?=[\\s]*\\()"; // Lookahead : A sql function should be followed by a "(" , spaces are allowed.
+
+const possibleSqlRegex = new RegExp(
+  // Match one or more of : sql keywords, sql operators, sql functions
+  `${matchSqlKeywords}|${matchSqlOperators}|${matchSqlFunctions}`,
+  "im"
+);
+
+/**
+ * This function is the first check in order to determine if a SQL injection is happening,
+ * If the user input contains the necessary characters or words for a SQL injection, this
+ * function returns true.
+ * @param userInput The user input you want to check
+ * @returns True when this is a possible SQL Injection
+ */
+export function userInputContainsSQLSyntax(userInput: string): boolean {
+  return possibleSqlRegex.test(userInput);
+}