Better SQL injection detector logging (#1316)
kazet authored Oct 9, 2024
1 parent fbfa109 commit 08a996f
Showing 1 changed file with 29 additions and 13 deletions.
42 changes: 29 additions & 13 deletions artemis/modules/sql_injection_detector.py
Expand Up @@ -114,16 +114,16 @@ def are_requests_time_efficient(self, url: str, **kwargs: Dict[str, Any]) -> boo

return flag

def contains_error(self, url: str, response: HTTPResponse) -> bool | None:
def contains_error(self, url: str, response: HTTPResponse) -> str | None:
if response.status_code == 500:
self.log.debug("Matched HTTP 500", url)
return True
return "500 error code"

for message in SQL_ERROR_MESSAGES:
if re.search(message, response.content):
self.log.debug("Matched error: %s on %s", message, url)
return True
return False
return message
return None

@staticmethod
def create_headers(payload: str) -> dict[str, str]:
Expand Down Expand Up @@ -177,12 +177,17 @@ def scan(self, urls: List[str], task: Task) -> List[Dict[str, Any]]:
url=current_url, payload=not_error_payload, param_batch=param_batch
)

if not self.contains_error(
url_without_payload, http_requests.get(url_without_payload)
) and self.contains_error(url_with_payload, http_requests.get(url_with_payload)):
error = self.contains_error(url_with_payload, http_requests.get(url_with_payload))

if (
not self.contains_error(url_without_payload, http_requests.get(url_without_payload))
and error
):
message.append(
{
"url": url_with_payload,
"headers": {},
"matched_error": error,
"message": "It appears that this URL is vulnerable to SQL injection",
"code": Statements.sql_injection.value,
}
Expand Down Expand Up @@ -213,6 +218,7 @@ def scan(self, urls: List[str], task: Task) -> List[Dict[str, Any]]:
message.append(
{
"url": url_with_sleep_payload,
"headers": {},
"statement": "It appears that this URL is vulnerable to time-based SQL injection",
"code": Statements.sql_time_based_injection.value,
}
Expand All @@ -228,12 +234,14 @@ def scan(self, urls: List[str], task: Task) -> List[Dict[str, Any]]:
url=current_url, param_batch=param_batch, payload=not_error_payload
)

if not self.contains_error(
url_with_no_payload, http_requests.get(url_with_no_payload)
) and self.contains_error(url_with_payload, http_requests.get(url_with_payload)):
error = self.contains_error(url_with_payload, http_requests.get(url_with_payload))

if not self.contains_error(url_with_no_payload, http_requests.get(url_with_no_payload)) and error:
message.append(
{
"url": url_with_payload,
"headers": {},
"matched_error": error,
"statement": "It appears that this URL is vulnerable to SQL injection",
"code": Statements.sql_injection.value,
}
Expand Down Expand Up @@ -264,6 +272,7 @@ def scan(self, urls: List[str], task: Task) -> List[Dict[str, Any]]:
message.append(
{
"url": url_with_sleep_payload,
"headers": {},
"statement": "It appears that this URL is vulnerable to time-based SQL injection",
"code": Statements.sql_time_based_injection.value,
}
Expand All @@ -274,12 +283,18 @@ def scan(self, urls: List[str], task: Task) -> List[Dict[str, Any]]:
for error_payload in sql_injection_error_payloads:
headers = self.create_headers(payload=error_payload)
headers_no_payload = self.create_headers(payload=not_error_payload)
if not self.contains_error(
current_url, http_requests.get(current_url, headers=headers_no_payload)
) and self.contains_error(current_url, http_requests.get(current_url, headers=headers)):

error = self.contains_error(current_url, http_requests.get(current_url, headers=headers))

if (
not self.contains_error(current_url, http_requests.get(current_url, headers=headers_no_payload))
and error
):
message.append(
{
"url": current_url,
"headers": headers,
"matched_error": error,
"statement": "It appears that this URL is vulnerable to SQL injection through HTTP Headers",
"code": Statements.headers_sql_injection.value,
"headers": headers,
Expand Down Expand Up @@ -307,6 +322,7 @@ def scan(self, urls: List[str], task: Task) -> List[Dict[str, Any]]:
message.append(
{
"url": current_url,
"headers": headers,
"statement": "It appears that this URL is vulnerable to time-based SQL injection through HTTP Headers",
"code": Statements.headers_time_based_sql_injection.value,
"headers": headers,
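Review bot: In `contains_error`, the unchanged call `self.log.debug("Matched HTTP 500", url)` passes `url` with no `%s` placeholder, so if `self.log` is a standard `logging` logger the record fails to format and the HTTP 500 match is not logged as intended; in a commit about detector logging it should become `self.log.debug("Matched HTTP 500 on %s", url)`. In the last two hunks the header-based findings appear to carry `"headers": headers` twice in the same dict literal; Python silently keeps the last entry, so one of the two lines can be dropped. The first error-based finding uses the key `"message"` for its text while every other finding uses `"statement"`, which looks like an inconsistency that could leave that finding without a description in reports. `scan` begins and ends outside the visible hunks, so how consumers read these keys cannot be confirmed from this page.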
