Report dialect in case of sql injection

aikido_zen/vulnerabilities/init_test.py

@@ -133,6 +133,7 @@ def test_sql_injection_with_comms(caplog, get_context, monkeypatch):
             call_args[1][0]["metadata"]["sql"]
             == "INSERT * INTO VALUES ('doggoss2', TRUE);"
         )
+        assert call_args[1][0]["metadata"]["dialect"] == "mysql"
 
 
 def test_ssrf_with_comms_hostnames_add(caplog, get_context, monkeypatch):

aikido_zen/vulnerabilities/sql_injection/context_contains_sql_injection.py

@@ -20,7 +20,10 @@ def context_contains_sql_injection(sql, operation, context, dialect):
                 "kind": "sql_injection",
                 "source": source,
                 "pathToPayload": path,
-                "metadata": {"sql": sql},
+                "metadata": {
+                    "sql": sql,
+                    "dialect": dialect,
+                },
                 "payload": user_input,
             }
     return {}

end2end/django_mysql_gunicorn_test.py

@@ -39,7 +39,10 @@ def test_dangerous_response_with_firewall():
     assert attacks[0]["attack"] == {
         "blocked": True,
         "kind": "sql_injection",
-        'metadata': {'sql': 'INSERT INTO sample_app_dogs (dog_name, dog_boss) VALUES ("Dangerous bobby", 1); -- ", "N/A")'},
+        'metadata': {
+            'dialect': 'mysql',
+            'sql': 'INSERT INTO sample_app_dogs (dog_name, dog_boss) VALUES ("Dangerous bobby", 1); -- ", "N/A")'
+        },
         'operation': 'MySQLdb.Cursor.execute',
         'pathToPayload': '.dog_name',
         'payload': '"Dangerous bobby\\", 1); -- "',

end2end/django_mysql_test.py

@@ -37,7 +37,10 @@ def test_dangerous_response_with_firewall():
     assert attacks[0]["attack"] == {
         "blocked": True,
         "kind": "sql_injection",
-        'metadata': {'sql': 'INSERT INTO sample_app_dogs (dog_name, dog_boss) VALUES ("Dangerous bobby", 1); -- ", "N/A")'},
+        'metadata': {
+            'dialect': 'mysql',
+            'sql': 'INSERT INTO sample_app_dogs (dog_name, dog_boss) VALUES ("Dangerous bobby", 1); -- ", "N/A")'
+        },
         'operation': 'MySQLdb.Cursor.execute',
         'pathToPayload': '.dog_name',
         'payload': '"Dangerous bobby\\", 1); -- "',

end2end/django_postgres_gunicorn_test.py

@@ -39,7 +39,10 @@ def test_dangerous_response_with_firewall():
     assert attacks[0]["attack"] == {
         "blocked": True,
         "kind": "sql_injection",
-        'metadata': {'sql': "INSERT INTO sample_app_Dogs (dog_name, is_admin) VALUES ('Dangerous bobby', TRUE); -- ', FALSE)"},
+        'metadata': {
+            'dialect': "postgres",
+            'sql': "INSERT INTO sample_app_Dogs (dog_name, is_admin) VALUES ('Dangerous bobby', TRUE); -- ', FALSE)"
+        },
         'operation': "psycopg2.Connection.Cursor.execute",
         'pathToPayload': '.dog_name',
         'payload': "\"Dangerous bobby', TRUE); -- \"",

end2end/flask_mysql_test.py

@@ -40,6 +40,7 @@ def test_dangerous_response_with_firewall():
     assert attacks[0]["attack"]["blocked"] == True
     assert attacks[0]["attack"]["kind"] == "sql_injection"
     assert attacks[0]["attack"]["metadata"]["sql"] == 'INSERT INTO dogs (dog_name, isAdmin) VALUES ("Dangerous bobby", 1); -- ", 0)'
+    assert attacks[0]["attack"]["metadata"]["dialect"] == 'mysql'
     assert attacks[0]["attack"]["operation"] == 'pymysql.Cursor.execute'
     assert attacks[0]["attack"]["pathToPayload"] == '.dog_name'
     assert attacks[0]["attack"]["payload"] == '"Dangerous bobby\\", 1); -- "'

end2end/flask_mysql_uwsgi_test.py

@@ -39,7 +39,10 @@ def test_dangerous_response_with_firewall():
     assert attacks[0]["attack"] == {
         "blocked": True,
         "kind": "sql_injection",
-        'metadata': {'sql': 'INSERT INTO dogs (dog_name, isAdmin) VALUES ("Dangerous bobby", 1); -- ", 0)'},
+        'metadata': {
+            'dialect': 'mysql',
+            'sql': 'INSERT INTO dogs (dog_name, isAdmin) VALUES ("Dangerous bobby", 1); -- ", 0)'
+        },
         'operation': 'pymysql.Cursor.execute',
         'pathToPayload': '.dog_name',
         'payload': '"Dangerous bobby\\", 1); -- "',

end2end/flask_postgres_test.py

@@ -85,7 +85,10 @@ def test_attacks_detected():
     assert attacks[0]["attack"] == {
         "blocked": True,
         "kind": "sql_injection",
-        'metadata': {'sql': "INSERT INTO dogs (dog_name, isAdmin) VALUES ('Dangerous Bobby', TRUE); -- ', FALSE)"},
+        'metadata': {
+            'dialect': "postgres",
+            'sql': "INSERT INTO dogs (dog_name, isAdmin) VALUES ('Dangerous Bobby', TRUE); -- ', FALSE)"
+        },
         'operation': "psycopg2.Connection.Cursor.execute",
         'pathToPayload': '.dog_name',
         'payload':  '"Dangerous Bobby\', TRUE); -- "',
@@ -95,7 +98,10 @@ def test_attacks_detected():
     assert attacks[1]["attack"] == {
         "blocked": True,
         "kind": "sql_injection",
-        'metadata': {'sql': "INSERT INTO dogs (dog_name, isAdmin) VALUES ('Bobby', TRUE) --', FALSE)"},
+        'metadata': {
+            'dialect': "postgres",
+            'sql': "INSERT INTO dogs (dog_name, isAdmin) VALUES ('Bobby', TRUE) --', FALSE)"
+        },
         'operation': "psycopg2.Connection.Cursor.execute",
         'pathToPayload': '.dog_name',
         'payload': "\"Bobby', TRUE) --\"",

end2end/flask_postgres_xml_lxml_test.py

@@ -33,7 +33,10 @@ def test_dangerous_response_with_firewall():
     assert attacks[0]["attack"] == {
         "blocked": True,
         "kind": "sql_injection",
-        'metadata': {'sql': "INSERT INTO dogs (dog_name, isAdmin) VALUES ('Malicious dog', TRUE); -- ', FALSE)"},
+        'metadata': {
+            'dialect': "postgres",
+            'sql': "INSERT INTO dogs (dog_name, isAdmin) VALUES ('Malicious dog', TRUE); -- ', FALSE)"
+        },
         'operation': "psycopg2.Connection.Cursor.execute",
         'pathToPayload': ".dog_name.[0]",
         'payload': "\"Malicious dog', TRUE); -- \"",

end2end/flask_postgres_xml_test.py

@@ -39,7 +39,10 @@ def test_dangerous_response_with_firewall():
     assert attacks[0]["attack"] == {
         "blocked": True,
         "kind": "sql_injection",
-        'metadata': {'sql': "INSERT INTO dogs (dog_name, isAdmin) VALUES ('Malicious dog', TRUE); -- ', FALSE)"},
+        'metadata': {
+            'dialect': "postgres",
+            'sql': "INSERT INTO dogs (dog_name, isAdmin) VALUES ('Malicious dog', TRUE); -- ', FALSE)"
+        },
         'operation': "psycopg2.Connection.Cursor.execute",
         'pathToPayload': ".dog_name.[0]",
         'payload': "\"Malicious dog', TRUE); -- \"",

end2end/quart_postgres_uvicorn_test.py

@@ -38,6 +38,7 @@ def test_dangerous_response_with_firewall():
     assert attacks[0]["attack"]["blocked"] == True
     assert attacks[0]["attack"]["kind"] == "sql_injection"
     assert attacks[0]["attack"]["metadata"]["sql"] == "INSERT INTO dogs (dog_name, isAdmin) VALUES ('Dangerous Bobby', TRUE); -- ', FALSE)"
+    assert attacks[0]["attack"]["metadata"]["dialect"] == "postgres"
     assert attacks[0]["attack"]["operation"] == "asyncpg.connection.Connection.execute"
     assert attacks[0]["attack"]["pathToPayload"] == '.dog_name'
     assert attacks[0]["attack"]["payload"] == "\"Dangerous Bobby', TRUE); -- \""

end2end/starlette_postgres_uvicorn_test.py

@@ -40,6 +40,7 @@ def test_dangerous_response_with_firewall():
     assert attacks[0]["attack"]["blocked"] == True
     assert attacks[0]["attack"]["kind"] == "sql_injection"
     assert attacks[0]["attack"]["metadata"]["sql"] == "INSERT INTO dogs (dog_name, isAdmin) VALUES ('Dangerous Bobby', TRUE); -- ', FALSE)"
+    assert attacks[0]["attack"]["metadata"]["dialect"] == "postgres"
     assert attacks[0]["attack"]["operation"] == "asyncpg.connection.Connection.execute"
     assert attacks[0]["attack"]["pathToPayload"] == ".dog_name"
     assert attacks[0]["attack"]["payload"] == "\"Dangerous Bobby', TRUE); -- \""