Adds support to the @detectSQLi operator

2025-08-13 21:36:00 +03:00 · 2015-08-13 23:33:57 -03:00 · 2015-08-13 23:33:57 -03:00 · 1de6d07dfd
commit 1de6d07dfd
parent 4baee88eb3
3 changed files with 33 additions and 17 deletions
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -182,6 +182,7 @@ libmodsecurity_la_SOURCES = \

 LIBINJECTION = \
 	../others/libinjection/src/libinjection_html5.c \
+	../others/libinjection/src/libinjection_sqli.c \
 	../others/libinjection/src/libinjection_xss.c


--- a/src/operators/detect_sqli.cc
+++ b/src/operators/detect_sqli.cc
@ -18,26 +18,41 @@
 #include <string>

 #include "operators/operator.h"
+#include "others/libinjection/src/libinjection.h"

 namespace ModSecurity {
 namespace operators {

-bool DetectSQLi::evaluate(Assay *assay) {
-    /**
-     * @todo Implement the operator BeginsWith.
-     *       Reference: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#detectsqli
-     */

-    return true;
+bool DetectSQLi::evaluate(Assay *assay, const std::string &input) {
+    char fingerprint[8];
+    int issqli;
+    // int capture;
+
+    issqli = libinjection_sqli(input.c_str(), input.length(), fingerprint);
+    // capture = apr_table_get(rule->actionset->actions, "capture") ? 1 : 0;
+
+    if (issqli) {
+        // set_match_to_tx(msr, capture, fingerprint, 0);
+        if (assay) {
+            assay->debug(4, "detected SQLi using libinjection with " \
+                "fingerprint '" + std::string(fingerprint) + "' at: '" +
+                input + "'");
+        }
+    } else {
+        if (assay) {
+            assay->debug(9, "detected SQLi: not able to find an inject on '" +
+                input + "'");
+        }
+    }
+
+    if (negation) {
+        return issqli == 0;
+    }
+
+    return issqli != 0;
 }


-DetectSQLi::DetectSQLi(std::string op, std::string param,
-    bool negation)
-    : Operator() {
-    this->op = op;
-    this->param = param;
-}
-
 }  // namespace operators
 }  // namespace ModSecurity
--- a/src/operators/detect_sqli.h
+++ b/src/operators/detect_sqli.h
@ -20,20 +20,20 @@

 #include "operators/operator.h"

-#ifdef __cplusplus
 namespace ModSecurity {
 namespace operators {

 class DetectSQLi : public Operator {
 public:
    /** @ingroup ModSecurity_Operator */
-    DetectSQLi(std::string o, std::string p, bool i);
-    bool evaluate(Assay *assay);
+    DetectSQLi(std::string op, std::string param, bool negation)
+        : Operator(op, param, negation) { }
+
+    bool evaluate(Assay *assay, const std::string &input);
 };

 }  // namespace operators
 }  // namespace ModSecurity
-#endif


 #endif  // SRC_OPERATORS_DETECT_SQLI_H_