Move config.json to config.ts and add some comments

AikidoSec · Feb 27, 2024 · 42aff2f · 42aff2f
1 parent 9de3ded
commit 42aff2f
Show file tree

Hide file tree

Showing 3 changed files with 110 additions and 98 deletions.
diff --git a/library/src/vulnerabilities/sql-injection/config.json b/library/src/vulnerabilities/sql-injection/config.json
diff --git a/library/src/vulnerabilities/sql-injection/config.ts b/library/src/vulnerabilities/sql-injection/config.ts
@@ -0,0 +1,109 @@
+const SQL_KEYWORDS = [
+  "INSERT",
+  "SELECT",
+  "CREATE",
+  "DROP",
+  "DATABASE",
+  "UPDATE",
+  "DELETE",
+  "ALTER",
+  "GRANT",
+  "SAVEPOINT",
+  "COMMIT",
+  "ROLLBACK",
+  "TRUNCATE",
+  "OR",
+  "AND",
+  "UNION",
+  "AS",
+  "WHERE",
+  "DISTINCT",
+  "FROM",
+  "INTO",
+  "TOP",
+  "BETWEEN",
+  "LIKE",
+  "IN",
+  "NULL",
+  "NOT",
+  "TABLE",
+  "INDEX",
+  "VIEW",
+  "COUNT",
+  "SUM",
+  "AVG",
+  "MIN",
+  "MAX",
+  "GROUP",
+  "BY",
+  "HAVING",
+  "DESC",
+  "ASC",
+  "OFFSET",
+  "FETCH",
+  "LEFT",
+  "RIGHT",
+  "INNER",
+  "OUTER",
+  "JOIN",
+  "EXISTS",
+  "REVOKE",
+  "ALL",
+  "LIMIT",
+  "ORDER",
+  "ADD",
+  "CONSTRAINT",
+  "COLUMN",
+  "ANY",
+  "BACKUP",
+  "CASE",
+  "CHECK",
+  "REPLACE",
+  "DEFAULT",
+  "EXEC",
+  "FOREIGN",
+  "KEY",
+  "FULL",
+  "PROCEDURE",
+  "ROWNUM",
+  "SET",
+  "UNIQUE",
+  "VALUES",
+  "COLLATE",
+  "IS",
+];
+
+// We make use of double backslashes to create a single backslash in the RegEx
+const SQL_OPERATORS = [
+  "=",
+  "!",
+  ";",
+  "\\+", // This checks for "+"
+  "\\-", // This checks for "-"
+  "\\*", // This checks for "*"
+  "\\/", // This checks for a slash
+  "%",
+  "&",
+  "\\|", // This checks for "|"
+  "\\^", // This checks for "^"
+  ">",
+  "<",
+];
+
+// We make use of double backslashes to create a single backslash in the RegEx
+const SQL_DANGEROUS_IN_STRING = [
+  "\\\\", // Check for backslashes : "\"
+  "'", // Check for single quotes
+  '"', // Check for double quotes
+  "`", // Check for `
+  "\\/\\*", // Check for the start of a comment : "/*"
+  "--", // Check for the the start of a comment : "--"
+];
+const SQL_STRING_CHARS = ['"', "'"];
+
+export {
+  SQL_KEYWORDS,
+  SQL_OPERATORS,
+  SQL_DANGEROUS_IN_STRING,
+  SQL_STRING_CHARS,
+};
diff --git a/library/src/vulnerabilities/sql-injection/detectSQLInjection.ts b/library/src/vulnerabilities/sql-injection/detectSQLInjection.ts
@@ -3,16 +3,12 @@ import { Context } from "../../agent/Context";
 import { Source, friendlyName } from "../../agent/Source";
 import { extractStringsFromUserInput } from "../../helpers/extractStringsFromUserInput";
 
-/* We make use of double backslashes to create a single backslash in the RegEx
- * SQL Operators : = ! ; + - * / % & | ^ > <
- * Dangerous characters in strings : \ ' " ` /* --
- */
 import {
   SQL_KEYWORDS,
   SQL_OPERATORS,
   SQL_DANGEROUS_IN_STRING,
   SQL_STRING_CHARS,
-} from "./config.json";
+} from "./config";
 
 /**
  * This function executes 2 checks to see if something is or is not an SQL Injection :