sql_injection_detection 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: b96350f2386f65f82461aeaa07b4e5869e38080ef26c1efeef6020b57594e5dd
+  data.tar.gz: 61903b6d203667ad906089fde544c20fe8456be90ae845c18b1d26976fcc80dd
+SHA512:
+  metadata.gz: 4b98339bc2daf3ee9fc0da4d8d3316055a3a3d21477c42819cc9ed06de125510f2209ad3239da26d19320b54d37f0d91226cf404e53972a63c6f521ca5dccb1f
+  data.tar.gz: 0f84b22512656e042c1610aa3a13c19d45cfd38d5da55a738e1243634bacabebb026e555df41a6666b95c412c56e2e722053d938364059cceb23d0b2b2bcb045

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,8 @@
+AllCops:
+  TargetRubyVersion: 3.0
+
+Style/StringLiterals:
+  EnforcedStyle: double_quotes
+
+Style/StringLiteralsInInterpolation:
+  EnforcedStyle: double_quotes

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,132 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[INSERT CONTACT METHOD].
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2024 TODO: Write your name
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,71 @@
+# SQL Injection Detection Gem
+
+[![Gem Version](https://badge.fury.io/rb/sql_injection_detection.svg)](https://badge.fury.io/rb/sql_injection_detection)
+[![Build Status](https://travis-ci.com/JakubSchwenkbeck/SQL-Injection-Detector-GEM.svg?branch=main)](https://travis-ci.com/JakubSchwenkbeck/SQL-Injection-Detector-GEM)
+
+## Overview
+
+The `sql_injection_detection` gem is a lightweight Ruby library designed to detect potential SQL injection attempts in input strings. It can be used to enhance the security of Ruby on Rails applications or any Ruby-based projects by identifying and flagging suspicious input patterns that are commonly used in SQL injection attacks.
+
+## Features
+
+- Detects common SQL injection patterns, such as:
+  - Single quotes and encoded characters
+  - SQL comments (`--`)
+  - SQL keywords like `UNION`, `SELECT`, `DROP`, `INSERT`, and `DELETE`
+  - Boolean-based injections using `OR` and `AND`
+- Simple API: one method call to check for SQL injection
+- Lightweight and easy to integrate into existing projects
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'sql_injection_detection'
+```
+And then execute:
+
+```bash
+bundle install
+```
+Or install it yourself as:
+
+```bash
+gem install sql_injection_detection
+```
+## Usage
+You can use the gem by requiring it in your project and calling the SqlInjectionDetection::Checker.check method with the input string you want to validate:
+
+```ruby
+require 'sql_injection_detection'
+
+input = "' OR 1=1 --"
+if SqlInjectionDetection::Checker.check(input)
+  puts "Potential SQL injection detected!"
+else
+  puts "Input is safe."
+end
+```
+### Example Usage
+```ruby
+input = "SELECT * FROM users WHERE username = 'admin' --"
+if SqlInjectionDetection::Checker.check(input)
+  puts "Warning: SQL Injection attempt detected!"
+else
+  puts "Input is safe."
+end
+```
+## Development
+After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and the tag, and push the .gem file to rubygems.org.
+
+## Contributing
+Bug reports and pull requests are welcome on GitHub at https://github.com/JakubSchwenkbeck/SQL-Injection-Detector-GEM. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the code of conduct.
+
+## License
+The gem is available as open source under the terms of the MIT License.
+
+## Acknowledgements
+This project was created to provide a simple yet effective tool for detecting SQL injection vulnerabilities in Ruby applications. Contributions and feedback are greatly appreciated!

data/Rakefile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+require "rubocop/rake_task"
+
+RuboCop::RakeTask.new
+
+task default: %i[spec rubocop]

data/lib/sql_injection_detection/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module SqlInjectionDetection
+  VERSION = "1.0.0"
+end

data/lib/sql_injection_detection.rb

@@ -0,0 +1,130 @@
+module SqlInjectionDetection
+  class Checker
+    # Combined regex patterns to detect a wide range of SQL injection techniques
+    PATTERNS = [
+      # Detects single quotes or encoded single quotes, often used to escape SQL strings
+      /(%27)|(')/i,
+
+      # Detects SQL comments (inline comments using --) and block comments (/* */)
+      /(--|\/\*)/i,
+
+      # Detects encoded characters for inline comments (e.g., %23 for #)
+      /(%23|%2F%2A)/i,
+
+      # Detects boolean-based SQL injections using OR/AND with numbers, strings, NULL, or boolean values
+      /\b(OR|AND)\b\s+(\d+|'[^']*'|NULL|TRUE|FALSE)/i,
+
+      # Detects UNION and SELECT keywords, often used to combine results from multiple SELECT statements
+      /\b(UNION|SELECT)\b/i,
+
+      # Detects the usage of semicolons, used to terminate SQL statements and inject new ones
+      /(;)/,
+
+      # Detects common SQL keywords for data manipulation and structure changes
+      # DROP: Used to drop tables or databases
+      # INSERT: Used to inject data into tables
+      # DELETE: Used to remove data
+      # UPDATE: Used to modify data
+      /\b(DROP|INSERT|DELETE|UPDATE)\b/i,
+
+      # Detects potential SQL keywords with a high risk for code injection
+      # EXEC: Execute a stored procedure or dynamic SQL
+      # EXECUTE: Same as EXEC
+      /\b(EXEC|EXECUTE)\b/i,
+
+      # Detects SQL wildcards and patterns in LIKE-based attacks
+      # LIKE: Used with wildcards to match patterns in SQL
+      /\bLIKE\b\s+('|")[^'"]+('|")/i,
+
+      # Detects null-byte injections, used in various bypass techniques
+      /\x00/i,
+
+      # Detects SQL injections that use concatenation to bypass filters
+      # ||: SQL concatenation operator
+      /\|\|/,
+
+      # Detects encoded and decoded SQL keywords using hexadecimal or binary representations
+      # e.g., 0x53514c20494e4a454354494f4e represents "SQL INJECTION"
+      /0x[0-9A-Fa-f]+/,
+
+      # Detects encoded comments using the %2D (dash) and %2F (slash) patterns
+      /(%2D){2}|(%2F%2A)/i,
+
+      # Detects SQL keywords that interact with metadata, which could be exploited
+      # INFORMATION_SCHEMA: A schema containing information about database objects
+      # SYSOBJECTS: A system table containing information about objects within the database
+      /\b(INFORMATION_SCHEMA|SYSOBJECTS)\b/i,
+
+      # Detects blind SQL injection techniques, which rely on timing to infer database information
+      # WAITFOR: SQL Server keyword used to delay execution
+      # BENCHMARK: MySQL function to run a specified number of loops
+      /\b(WAITFOR|BENCHMARK)\b\s+/i,
+
+      # Detects time-based SQL injection techniques, commonly used to exploit delays
+      # SLEEP: MySQL function to delay execution
+      # PG_SLEEP: PostgreSQL function to delay execution
+      /\b(SLEEP|PG_SLEEP)\b\s*\(\s*\d+\s*\)/i,
+
+      # Detects SQL Server specific injections for stacked queries
+      # XP_CMDSHELL: Executes command shell commands
+      /\bXP_CMDSHELL\b/i,
+
+      # Detects MySQL-specific injections for loading external files
+      # LOAD_FILE: Loads a file into a string in MySQL
+      /\bLOAD_FILE\b\s*\(/i,
+
+      # Detects SQL Server injection keywords for accessing system procedures
+      # sp_: Stored procedure prefix in SQL Server
+      /\bsp_[a-zA-Z0-9_]+\b/i,
+
+      # Detects SQL injection attempts using the ALTER keyword to change database structure
+      /\bALTER\b/i,
+
+      # Detects usage of subqueries which could be exploited in certain contexts
+      /\b(SELECT\s+\*\s+FROM)\b/i,
+
+      # Detects complex UNION SELECT attempts that combine multiple SELECTs
+      /UNION\s+(ALL\s+)?SELECT\s+/i,
+
+      # Detects SQL keywords that could be used to read from or write to files in the database
+      # OUTFILE: Writes query results to a file in MySQL
+      # INTO OUTFILE: Writes to a file in SQL
+      /\b(INTO\s+OUTFILE|OUTFILE)\b/i,
+
+      # Detects SQL functions that could be used to bypass typical sanitization checks
+      # ASCII: Returns ASCII value of the first character
+      # CHAR: Returns the character for each integer passed
+      /\b(ASCII|CHAR)\b\s*\(\s*[^\)]*\s*\)/i,
+
+      # Detects SQL injection techniques that attempt to execute multiple queries
+      # Semicolon (;) to chain queries together
+      /\;/,
+
+      # Detects SQL injection techniques that make use of the CONCAT function to merge strings
+      /\bCONCAT\b\s*\(/i,
+
+      # Detects SQL keywords related to database schema manipulation that might be dangerous
+      # CREATE: Used to create new tables, databases, or users
+      # ALTER: Used to change database structures
+      /\b(CREATE|ALTER)\b/i,
+
+      # Detects SQL injection techniques that rely on the RAND function to bypass unique constraints
+      /\bRAND\b\s*\(\s*\)/i,
+
+      # Detects SQL injection techniques that use mathematical functions to manipulate results
+      # SQRT: Returns the square root of a number
+      /\bSQRT\b\s*\(\s*\d+\s*\)/i,
+
+      # Detects SQL injection techniques that use encryption functions to manipulate queries
+      # AES_ENCRYPT: Encrypts data using AES
+      /\bAES_ENCRYPT\b\s*\(\s*[^\)]*\s*\)/i
+    ]
+
+    # Method to check if the input string contains SQL injection patterns
+    def self.check(input)
+      return false if input.nil? || input.strip.empty?
+
+      PATTERNS.any? { |pattern| pattern.match?(input) }
+    end
+  end
+end

data/sig/sql_injection_detection.rbs

@@ -0,0 +1,4 @@
+module SqlInjectionDetection
+  VERSION: String
+  # See the writing guide of rbs: https://github.com/ruby/rbs#guides
+end

metadata

@@ -0,0 +1,72 @@
+--- !ruby/object:Gem::Specification
+name: sql_injection_detection
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Jakub Schwenkbeck
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2024-08-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: The sql_injection_detection gem provides a basic yet effective way to
+  detect common SQL injection attempts by matching input strings against known malicious
+  patterns. It can be used in Ruby on Rails applications or any Ruby-based projects
+  to help prevent SQL injection vulnerabilities.
+email:
+- Jakub@Schwenkbeck.de
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rspec"
+- ".rubocop.yml"
+- CODE_OF_CONDUCT.md
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/sql_injection_detection.rb
+- lib/sql_injection_detection/version.rb
+- sig/sql_injection_detection.rbs
+homepage: https://github.com/JakubSchwenkbeck/SQL-Injection-Detector-GEM
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+  homepage_uri: https://github.com/JakubSchwenkbeck/SQL-Injection-Detector-GEM
+  source_code_uri: https://github.com/JakubSchwenkbeck/SQL-Injection-Detector-GEM
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.11
+signing_key:
+specification_version: 4
+summary: A simple gem to detect potential SQL injection attacks in input strings.
+test_files: []