UNPKG

@aikidosec/firewall

Version:

Zen by Aikido is an embedded Application Firewall that autonomously protects Node.js apps against common and critical attacks, provides rate limiting, detects malicious traffic (including bots), and more.

aikido.dev/zen

AikidoSec/firewall-node

45 lines (44 loc) 1.74 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.NodeSQLite = void 0; const Context_1 = require("../agent/Context"); const wrapExport_1 = require("../agent/hooks/wrapExport"); const checkContextForSqlInjection_1 = require("../vulnerabilities/sql-injection/checkContextForSqlInjection"); const SQLDialectSQLite_1 = require("../vulnerabilities/sql-injection/dialects/SQLDialectSQLite"); class NodeSQLite { constructor() { this.dialect = new SQLDialectSQLite_1.SQLDialectSQLite(); } wrap(hooks) { const sqlFunctions = ["exec", "prepare"]; // Omit node: prefix because its an internal module hooks.addBuiltinModule("sqlite").onRequire((exports, pkgInfo) => { const dbSyncProto = exports.DatabaseSync.prototype; for (const func of sqlFunctions) { (0, wrapExport_1.wrapExport)(dbSyncProto, func, pkgInfo, { kind: "sql_op", inspectArgs: (args) => this.inspectQuery(`node:sqlite.${func}`, args), }); } }); } inspectQuery(operation, args) { const context = (0, Context_1.getContext)(); if (!context) { return undefined; } if (args.length > 0) { if (typeof args[0] === "string" && args[0].length > 0) { const sql = args[0]; return (0, checkContextForSqlInjection_1.checkContextForSqlInjection)({ operation: operation, sql: sql, context: context, dialect: this.dialect, }); } } return undefined; } } exports.NodeSQLite = NodeSQLite;