@aikidosec/firewall
Version:
Zen by Aikido is an embedded Web Application Firewall that autonomously protects Node.js apps against common and critical attacks
54 lines (53 loc) • 1.98 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.MySQL = void 0;
const Context_1 = require("../agent/Context");
const wrapExport_1 = require("../agent/hooks/wrapExport");
const isPlainObject_1 = require("../helpers/isPlainObject");
const checkContextForSqlInjection_1 = require("../vulnerabilities/sql-injection/checkContextForSqlInjection");
const SQLDialectMySQL_1 = require("../vulnerabilities/sql-injection/dialects/SQLDialectMySQL");
class MySQL {
constructor() {
this.dialect = new SQLDialectMySQL_1.SQLDialectMySQL();
}
inspectQuery(args) {
const context = (0, Context_1.getContext)();
if (!context) {
return undefined;
}
if (args.length > 0 && typeof args[0] === "string" && args[0].length > 0) {
const sql = args[0];
return (0, checkContextForSqlInjection_1.checkContextForSqlInjection)({
sql: sql,
context: context,
operation: "MySQL.query",
dialect: this.dialect,
});
}
if (args.length > 0 &&
(0, isPlainObject_1.isPlainObject)(args[0]) &&
args[0].sql &&
typeof args[0].sql === "string") {
const sql = args[0].sql;
return (0, checkContextForSqlInjection_1.checkContextForSqlInjection)({
sql: sql,
context: context,
operation: "MySQL.query",
dialect: this.dialect,
});
}
return undefined;
}
wrap(hooks) {
hooks
.addPackage("mysql")
.withVersion("^2.0.0")
.onFileRequire("lib/Connection.js", (exports, pkgInfo) => {
(0, wrapExport_1.wrapExport)(exports.prototype, "query", pkgInfo, {
kind: "sql_op",
inspectArgs: (args) => this.inspectQuery(args),
});
});
}
}
exports.MySQL = MySQL;