Fix sql no sql injection rule
Yevhen Zavhorodnii committed Jun 13, 2024
1 parent 70c0133 commit 49f47fb
Showing 3 changed files with 21 additions and 2 deletions.
4 changes: 2 additions & 2 deletions .gitignore
Expand Up @@ -8,7 +8,7 @@ tags.xlsx
risks.json
technical-assets.json
stats.json

.vscode

# Binaries for programs and plugins
*.exe
Expand All @@ -30,4 +30,4 @@ stats.json

# IDE stuff
/.idea/
/config.json
/config.json
4 changes: 4 additions & 0 deletions pkg/risks/builtin/sql_nosql_injection_rule.go
Expand Up @@ -42,6 +42,10 @@ func (r *SqlNoSqlInjectionRule) GenerateRisks(input *types.Model) ([]*types.Risk
risks := make([]*types.Risk, 0)
for _, id := range input.SortedTechnicalAssetIDs() {
technicalAsset := input.TechnicalAssets[id]
if technicalAsset.OutOfScope || technicalAsset.Type != types.Datastore {
continue
}

incomingFlows := input.IncomingTechnicalCommunicationLinksMappedByTargetId[technicalAsset.Id]
for _, incomingFlow := range incomingFlows {
potentialDatabaseAccessProtocol := incomingFlow.Protocol.IsPotentialDatabaseAccessProtocol()
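Review bot: The new guard at line 37 narrows the rule to assets whose Type is exactly types.Datastore, but nothing in the hunk records why a non-datastore target of a database-access protocol is no longer reported, and the next maintainer may read the older behaviour as the intended one. A why-comment above the `if` would carry that decision, e.g. `// Only the datastore that receives the query carries this risk; other asset types are skipped.`. If types.TechnicalAssetType exposes a predicate for this, it would read better than the raw comparison, but the type definition is not visible here. GenerateRisks starts and ends outside the hunk.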
15 changes: 15 additions & 0 deletions pkg/risks/builtin/sql_nosql_injection_rule_test.go
Expand Up @@ -43,6 +43,7 @@ type SqlNoSqlInjectionRuleTest struct {
confidentiality types.Confidentiality
integrity types.Criticality
usage types.Usage
assetType types.TechnicalAssetType

protocol types.Protocol
isVulnerableToQueryInjection bool
Expand All @@ -55,30 +56,41 @@ type SqlNoSqlInjectionRuleTest struct {
func TestSqlNoSqlInjectionRuleCreateRisks(t *testing.T) {
testCases := map[string]SqlNoSqlInjectionRuleTest{
"not database protocol": {
assetType: types.Datastore,
protocol: types.SmbEncrypted,
expectRiskCreated: false,
isVulnerableToQueryInjection: true,
},
"not vulnerable to query injection not lax": {
assetType: types.Datastore,
protocol: types.JdbcEncrypted,
expectRiskCreated: false,
isVulnerableToQueryInjection: false,
},
"lax database always vulnerable to query injection": {
assetType: types.Datastore,
protocol: types.HTTP,
isVulnerableToQueryInjection: false,
expectRiskCreated: true,
expectedLikelihood: types.VeryLikely,
expectedImpact: types.MediumImpact,
},
"no datastore": {
assetType: types.Process,
protocol: types.JdbcEncrypted,
isVulnerableToQueryInjection: true,
expectRiskCreated: false,
},
"database protocol and vulnerable to query injection": {
assetType: types.Datastore,
protocol: types.JdbcEncrypted,
expectRiskCreated: true,
isVulnerableToQueryInjection: true,
expectedLikelihood: types.VeryLikely,
expectedImpact: types.MediumImpact,
},
"strictly confidential tech asset high impact": {
assetType: types.Datastore,
protocol: types.JdbcEncrypted,
expectRiskCreated: true,
isVulnerableToQueryInjection: true,
Expand All @@ -88,6 +100,7 @@ func TestSqlNoSqlInjectionRuleCreateRisks(t *testing.T) {
expectedImpact: types.HighImpact,
},
"mission critical integrity tech asset high impact": {
assetType: types.Datastore,
protocol: types.JdbcEncrypted,
expectRiskCreated: true,
isVulnerableToQueryInjection: true,
Expand All @@ -97,6 +110,7 @@ func TestSqlNoSqlInjectionRuleCreateRisks(t *testing.T) {
expectedImpact: types.HighImpact,
},
"devops usage likely likelihood": {
assetType: types.Datastore,
protocol: types.JdbcEncrypted,
expectRiskCreated: true,
isVulnerableToQueryInjection: true,
Expand All @@ -117,6 +131,7 @@ func TestSqlNoSqlInjectionRuleCreateRisks(t *testing.T) {
Id: "ta1",
Title: "Test Technical Asset",
OutOfScope: false,
Type: testCase.assetType,
Technologies: types.TechnologyList{
{
Name: "service-registry",
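Review bot: The new `"no datastore"` case at lines 78-83 pins the skip only for types.Process, while every other fixture had to be updated to set assetType explicitly, so a fixture that forgets the field is not covered. If the zero value of types.TechnicalAssetType is not Datastore (the pre-change fixtures produced risks without setting Type, which suggests it is not), a case that leaves assetType unset would guard against that, e.g. `"unset asset type": {protocol: types.JdbcEncrypted, isVulnerableToQueryInjection: true, expectRiskCreated: false},` next to the existing case. TestSqlNoSqlInjectionRuleCreateRisks starts and ends outside the hunk.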
