@aikidosec/firewall
Version:
Zen by Aikido is an embedded Application Firewall that autonomously protects Node.js apps against common and critical attacks, provides rate limiting, detects malicious traffic (including bots), and more.
54 lines (53 loc) • 1.99 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.Postgres = void 0;
const Context_1 = require("../agent/Context");
const checkContextForSqlInjection_1 = require("../vulnerabilities/sql-injection/checkContextForSqlInjection");
const SQLDialectPostgres_1 = require("../vulnerabilities/sql-injection/dialects/SQLDialectPostgres");
const isPlainObject_1 = require("../helpers/isPlainObject");
const wrapExport_1 = require("../agent/hooks/wrapExport");
class Postgres {
constructor() {
this.dialect = new SQLDialectPostgres_1.SQLDialectPostgres();
}
inspectQuery(args) {
const context = (0, Context_1.getContext)();
if (!context) {
return undefined;
}
if (args.length > 0 && typeof args[0] === "string" && args[0].length > 0) {
const sql = args[0];
return (0, checkContextForSqlInjection_1.checkContextForSqlInjection)({
sql: sql,
context: context,
operation: "pg.query",
dialect: this.dialect,
});
}
if (args.length > 0 &&
(0, isPlainObject_1.isPlainObject)(args[0]) &&
args[0].text &&
typeof args[0].text === "string") {
const text = args[0].text;
return (0, checkContextForSqlInjection_1.checkContextForSqlInjection)({
sql: text,
context: context,
operation: "pg.query",
dialect: this.dialect,
});
}
return undefined;
}
wrap(hooks) {
hooks
.addPackage("pg")
.withVersion("^7.0.0 || ^8.0.0")
.onRequire((exports, pkgInfo) => {
(0, wrapExport_1.wrapExport)(exports.Client.prototype, "query", pkgInfo, {
kind: "sql_op",
inspectArgs: (args) => this.inspectQuery(args),
});
});
}
}
exports.Postgres = Postgres;