diff --git a/aikido_zen/vulnerabilities/init_test.py b/aikido_zen/vulnerabilities/init_test.py index 21d2ac9ad..0baa9470b 100644 --- a/aikido_zen/vulnerabilities/init_test.py +++ b/aikido_zen/vulnerabilities/init_test.py @@ -133,6 +133,7 @@ def test_sql_injection_with_comms(caplog, get_context, monkeypatch): call_args[1][0]["metadata"]["sql"] == "INSERT * INTO VALUES ('doggoss2', TRUE);" ) + assert call_args[1][0]["metadata"]["dialect"] == "mysql" def test_ssrf_with_comms_hostnames_add(caplog, get_context, monkeypatch): diff --git a/aikido_zen/vulnerabilities/sql_injection/context_contains_sql_injection.py b/aikido_zen/vulnerabilities/sql_injection/context_contains_sql_injection.py index e067d97d3..6a25c49fe 100644 --- a/aikido_zen/vulnerabilities/sql_injection/context_contains_sql_injection.py +++ b/aikido_zen/vulnerabilities/sql_injection/context_contains_sql_injection.py @@ -20,7 +20,10 @@ def context_contains_sql_injection(sql, operation, context, dialect): "kind": "sql_injection", "source": source, "pathToPayload": path, - "metadata": {"sql": sql}, + "metadata": { + "sql": sql, + "dialect": dialect, + }, "payload": user_input, } return {} diff --git a/end2end/django_mysql_gunicorn_test.py b/end2end/django_mysql_gunicorn_test.py index 4637a3436..d43d12677 100644 --- a/end2end/django_mysql_gunicorn_test.py +++ b/end2end/django_mysql_gunicorn_test.py @@ -39,7 +39,10 @@ def test_dangerous_response_with_firewall(): assert attacks[0]["attack"] == { "blocked": True, "kind": "sql_injection", - 'metadata': {'sql': 'INSERT INTO sample_app_dogs (dog_name, dog_boss) VALUES ("Dangerous bobby", 1); -- ", "N/A")'}, + 'metadata': { + 'dialect': 'mysql', + 'sql': 'INSERT INTO sample_app_dogs (dog_name, dog_boss) VALUES ("Dangerous bobby", 1); -- ", "N/A")' + }, 'operation': 'MySQLdb.Cursor.execute', 'pathToPayload': '.dog_name', 'payload': '"Dangerous bobby\\", 1); -- "', diff --git a/end2end/django_mysql_test.py b/end2end/django_mysql_test.py index 95c8f456f..0520da672 100644 --- a/end2end/django_mysql_test.py +++ b/end2end/django_mysql_test.py @@ -37,7 +37,10 @@ def test_dangerous_response_with_firewall(): assert attacks[0]["attack"] == { "blocked": True, "kind": "sql_injection", - 'metadata': {'sql': 'INSERT INTO sample_app_dogs (dog_name, dog_boss) VALUES ("Dangerous bobby", 1); -- ", "N/A")'}, + 'metadata': { + 'dialect': 'mysql', + 'sql': 'INSERT INTO sample_app_dogs (dog_name, dog_boss) VALUES ("Dangerous bobby", 1); -- ", "N/A")' + }, 'operation': 'MySQLdb.Cursor.execute', 'pathToPayload': '.dog_name', 'payload': '"Dangerous bobby\\", 1); -- "', diff --git a/end2end/django_postgres_gunicorn_test.py b/end2end/django_postgres_gunicorn_test.py index 4815558df..98940a942 100644 --- a/end2end/django_postgres_gunicorn_test.py +++ b/end2end/django_postgres_gunicorn_test.py @@ -39,7 +39,10 @@ def test_dangerous_response_with_firewall(): assert attacks[0]["attack"] == { "blocked": True, "kind": "sql_injection", - 'metadata': {'sql': "INSERT INTO sample_app_Dogs (dog_name, is_admin) VALUES ('Dangerous bobby', TRUE); -- ', FALSE)"}, + 'metadata': { + 'dialect': "postgres", + 'sql': "INSERT INTO sample_app_Dogs (dog_name, is_admin) VALUES ('Dangerous bobby', TRUE); -- ', FALSE)" + }, 'operation': "psycopg2.Connection.Cursor.execute", 'pathToPayload': '.dog_name', 'payload': "\"Dangerous bobby', TRUE); -- \"", diff --git a/end2end/flask_mysql_test.py b/end2end/flask_mysql_test.py index 2365521ed..6e8d0d55f 100644 --- a/end2end/flask_mysql_test.py +++ b/end2end/flask_mysql_test.py @@ -40,6 +40,7 @@ def test_dangerous_response_with_firewall(): assert attacks[0]["attack"]["blocked"] == True assert attacks[0]["attack"]["kind"] == "sql_injection" assert attacks[0]["attack"]["metadata"]["sql"] == 'INSERT INTO dogs (dog_name, isAdmin) VALUES ("Dangerous bobby", 1); -- ", 0)' + assert attacks[0]["attack"]["metadata"]["dialect"] == 'mysql' assert attacks[0]["attack"]["operation"] == 'pymysql.Cursor.execute' assert attacks[0]["attack"]["pathToPayload"] == '.dog_name' assert attacks[0]["attack"]["payload"] == '"Dangerous bobby\\", 1); -- "' diff --git a/end2end/flask_mysql_uwsgi_test.py b/end2end/flask_mysql_uwsgi_test.py index a1917a794..149582546 100644 --- a/end2end/flask_mysql_uwsgi_test.py +++ b/end2end/flask_mysql_uwsgi_test.py @@ -39,7 +39,10 @@ def test_dangerous_response_with_firewall(): assert attacks[0]["attack"] == { "blocked": True, "kind": "sql_injection", - 'metadata': {'sql': 'INSERT INTO dogs (dog_name, isAdmin) VALUES ("Dangerous bobby", 1); -- ", 0)'}, + 'metadata': { + 'dialect': 'mysql', + 'sql': 'INSERT INTO dogs (dog_name, isAdmin) VALUES ("Dangerous bobby", 1); -- ", 0)' + }, 'operation': 'pymysql.Cursor.execute', 'pathToPayload': '.dog_name', 'payload': '"Dangerous bobby\\", 1); -- "', diff --git a/end2end/flask_postgres_test.py b/end2end/flask_postgres_test.py index 16be5222a..72d668da3 100644 --- a/end2end/flask_postgres_test.py +++ b/end2end/flask_postgres_test.py @@ -85,7 +85,10 @@ def test_attacks_detected(): assert attacks[0]["attack"] == { "blocked": True, "kind": "sql_injection", - 'metadata': {'sql': "INSERT INTO dogs (dog_name, isAdmin) VALUES ('Dangerous Bobby', TRUE); -- ', FALSE)"}, + 'metadata': { + 'dialect': "postgres", + 'sql': "INSERT INTO dogs (dog_name, isAdmin) VALUES ('Dangerous Bobby', TRUE); -- ', FALSE)" + }, 'operation': "psycopg2.Connection.Cursor.execute", 'pathToPayload': '.dog_name', 'payload': '"Dangerous Bobby\', TRUE); -- "', @@ -95,7 +98,10 @@ def test_attacks_detected(): assert attacks[1]["attack"] == { "blocked": True, "kind": "sql_injection", - 'metadata': {'sql': "INSERT INTO dogs (dog_name, isAdmin) VALUES ('Bobby', TRUE) --', FALSE)"}, + 'metadata': { + 'dialect': "postgres", + 'sql': "INSERT INTO dogs (dog_name, isAdmin) VALUES ('Bobby', TRUE) --', FALSE)" + }, 'operation': "psycopg2.Connection.Cursor.execute", 'pathToPayload': '.dog_name', 'payload': "\"Bobby', TRUE) --\"", diff --git a/end2end/flask_postgres_xml_lxml_test.py b/end2end/flask_postgres_xml_lxml_test.py index e44552480..4f471b86e 100644 --- a/end2end/flask_postgres_xml_lxml_test.py +++ b/end2end/flask_postgres_xml_lxml_test.py @@ -33,7 +33,10 @@ def test_dangerous_response_with_firewall(): assert attacks[0]["attack"] == { "blocked": True, "kind": "sql_injection", - 'metadata': {'sql': "INSERT INTO dogs (dog_name, isAdmin) VALUES ('Malicious dog', TRUE); -- ', FALSE)"}, + 'metadata': { + 'dialect': "postgres", + 'sql': "INSERT INTO dogs (dog_name, isAdmin) VALUES ('Malicious dog', TRUE); -- ', FALSE)" + }, 'operation': "psycopg2.Connection.Cursor.execute", 'pathToPayload': ".dog_name.[0]", 'payload': "\"Malicious dog', TRUE); -- \"", diff --git a/end2end/flask_postgres_xml_test.py b/end2end/flask_postgres_xml_test.py index 47b31f21d..1fceb92fe 100644 --- a/end2end/flask_postgres_xml_test.py +++ b/end2end/flask_postgres_xml_test.py @@ -39,7 +39,10 @@ def test_dangerous_response_with_firewall(): assert attacks[0]["attack"] == { "blocked": True, "kind": "sql_injection", - 'metadata': {'sql': "INSERT INTO dogs (dog_name, isAdmin) VALUES ('Malicious dog', TRUE); -- ', FALSE)"}, + 'metadata': { + 'dialect': "postgres", + 'sql': "INSERT INTO dogs (dog_name, isAdmin) VALUES ('Malicious dog', TRUE); -- ', FALSE)" + }, 'operation': "psycopg2.Connection.Cursor.execute", 'pathToPayload': ".dog_name.[0]", 'payload': "\"Malicious dog', TRUE); -- \"", diff --git a/end2end/quart_postgres_uvicorn_test.py b/end2end/quart_postgres_uvicorn_test.py index ebea4a9ab..4732f7823 100644 --- a/end2end/quart_postgres_uvicorn_test.py +++ b/end2end/quart_postgres_uvicorn_test.py @@ -38,6 +38,7 @@ def test_dangerous_response_with_firewall(): assert attacks[0]["attack"]["blocked"] == True assert attacks[0]["attack"]["kind"] == "sql_injection" assert attacks[0]["attack"]["metadata"]["sql"] == "INSERT INTO dogs (dog_name, isAdmin) VALUES ('Dangerous Bobby', TRUE); -- ', FALSE)" + assert attacks[0]["attack"]["metadata"]["dialect"] == "postgres" assert attacks[0]["attack"]["operation"] == "asyncpg.connection.Connection.execute" assert attacks[0]["attack"]["pathToPayload"] == '.dog_name' assert attacks[0]["attack"]["payload"] == "\"Dangerous Bobby', TRUE); -- \"" diff --git a/end2end/starlette_postgres_uvicorn_test.py b/end2end/starlette_postgres_uvicorn_test.py index 331bedcd5..0b725ed6c 100644 --- a/end2end/starlette_postgres_uvicorn_test.py +++ b/end2end/starlette_postgres_uvicorn_test.py @@ -40,6 +40,7 @@ def test_dangerous_response_with_firewall(): assert attacks[0]["attack"]["blocked"] == True assert attacks[0]["attack"]["kind"] == "sql_injection" assert attacks[0]["attack"]["metadata"]["sql"] == "INSERT INTO dogs (dog_name, isAdmin) VALUES ('Dangerous Bobby', TRUE); -- ', FALSE)" + assert attacks[0]["attack"]["metadata"]["dialect"] == "postgres" assert attacks[0]["attack"]["operation"] == "asyncpg.connection.Connection.execute" assert attacks[0]["attack"]["pathToPayload"] == ".dog_name" assert attacks[0]["attack"]["payload"] == "\"Dangerous Bobby', TRUE); -- \""