Zen by Aikido is an embedded Web Application Firewall that autonomously protects Node.js apps against common and critical attacks
"use strict";
/**
 * Sink wrapper for the `pg` driver.
 *
 * Hooks `Client.prototype.query` so that the SQL text of each query can be
 * checked against the current request context for SQL injection before the
 * driver executes it. Only `Client.prototype.query` is wrapped here; whether
 * `Pool.query` and other helpers route through it is not shown in this file —
 * verify against the driver version in use.
 */
Object.defineProperty(exports, "__esModule", { value: true });
// Defined up front so the export exists before the class body is evaluated.
exports.Postgres = void 0;
const { getContext } = require("../agent/Context");
const { checkContextForSqlInjection } = require("../vulnerabilities/sql-injection/checkContextForSqlInjection");
const { SQLDialectPostgres } = require("../vulnerabilities/sql-injection/dialects/SQLDialectPostgres");
const { isPlainObject } = require("../helpers/isPlainObject");
const { wrapExport } = require("../agent/hooks/wrapExport");

// Operation name reported with every detection raised by this sink.
const OPERATION = "pg.query";

/**
 * Pulls the SQL string out of the arguments of a `client.query(...)` call.
 *
 * Two call shapes are recognised:
 *   - `query("SELECT ...")`: a non-empty string as the first argument;
 *   - `query({ text: "SELECT ..." })`: a plain object whose `text` is a
 *     non-empty string.
 * Any other shape (no arguments, an empty string, a non-plain object such as a
 * class instance, a missing or empty `text`) yields `undefined` and is not
 * inspected by this sink.
 *
 * @param {unknown[]} args - arguments passed to the wrapped `query`
 * @returns {string | undefined} the SQL text, or `undefined` if none was found
 */
function extractSql(args) {
  if (args.length === 0) {
    return undefined;
  }
  const first = args[0];
  if (typeof first === "string") {
    return first.length > 0 ? first : undefined;
  }
  if (isPlainObject(first) && typeof first.text === "string" && first.text.length > 0) {
    return first.text;
  }
  return undefined;
}

class Postgres {
  constructor() {
    // Dialect-specific handling for the injection check.
    this.dialect = new SQLDialectPostgres();
  }

  /**
   * Inspects the arguments of a `query` call for SQL injection.
   *
   * @param {unknown[]} args - arguments passed to the wrapped `query`
   * @returns the result of `checkContextForSqlInjection`, or `undefined` when
   *   there is no active request context or no SQL text could be extracted
   */
  inspectQuery(args) {
    const context = getContext();
    // Outside a request there is no user input to compare the query against.
    if (!context) {
      return undefined;
    }

    const sql = extractSql(args);
    if (sql === undefined) {
      return undefined;
    }

    return checkContextForSqlInjection({
      sql,
      context,
      operation: OPERATION,
      dialect: this.dialect,
    });
  }

  /**
   * Registers the `pg` hook: for supported versions, wraps
   * `Client.prototype.query` so every call is routed through `inspectQuery`.
   *
   * @param hooks - the agent's hook registry
   */
  wrap(hooks) {
    const pkg = hooks.addPackage("pg").withVersion("^7.0.0 || ^8.0.0");
    pkg.onRequire((pgExports, pkgInfo) => {
      wrapExport(pgExports.Client.prototype, "query", pkgInfo, {
        kind: "sql_op",
        inspectArgs: (args) => this.inspectQuery(args),
      });
    });
  }
}

exports.Postgres = Postgres;