|
2 | 2 |
|
3 | 3 | import jnr.ffi.LibraryLoader; |
4 | 4 | import jnr.ffi.LibraryOption; |
| 5 | +import jnr.ffi.annotations.Encoding; |
5 | 6 | import dev.aikido.agent_api.helpers.logging.LogManager; |
6 | 7 | import dev.aikido.agent_api.helpers.logging.Logger; |
7 | 8 |
|
8 | 9 | import java.nio.file.Files; |
9 | 10 | import java.nio.file.Path; |
10 | 11 | import java.util.HashMap; |
11 | 12 | import java.util.Map; |
| 13 | +import java.nio.charset.StandardCharsets; |
12 | 14 |
|
13 | 15 | import static dev.aikido.agent_api.vulnerabilities.sql_injection.GetBinaryPath.getPathForBinary; |
14 | 16 |
|
15 | 17 | public final class RustSQLInterface { |
16 | 18 | private RustSQLInterface() {} |
17 | 19 |
|
18 | 20 | private static final Logger logger = LogManager.getLogger(RustSQLInterface.class); |
| 21 | + |
| 22 | + @Encoding("UTF-8") |
19 | 23 | public interface SqlLib { |
20 | | - int detect_sql_injection(String query, String userinput, int dialect); |
| 24 | + int detect_sql_injection(String query, long queryLen, String userinput, long userinputLen, int dialect); |
21 | 25 | } |
| 26 | + |
22 | 27 | public static boolean detectSqlInjection(String query, String userInput, Dialect dialect) { |
23 | 28 | int dialectInteger = dialect.getDialectInteger(); |
24 | 29 | try { |
25 | 30 | SqlLib lib = loadLibrary(); |
26 | 31 | if (lib != null) { |
27 | | - return lib.detect_sql_injection(query, userInput, dialectInteger) != 0; |
| 32 | + long queryLen = query != null ? query.getBytes(StandardCharsets.UTF_8).length : 0; |
| 33 | + long userInputLen = userInput != null ? userInput.getBytes(StandardCharsets.UTF_8).length : 0; |
| 34 | + int result = lib.detect_sql_injection(query, queryLen, userInput, userInputLen, dialectInteger); |
| 35 | + return result == 1; |
28 | 36 | } |
29 | 37 | } catch (Throwable e) { |
30 | 38 | logger.trace(e); |
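Review bot: In detectSqlInjection, `return result == 1;` maps every return value other than 1 to "no injection", where the old `!= 0` treated any nonzero value as a detection. If the native function can return other codes (error or internal-failure values; its contract is not visible here), those queries now pass silently, which is the fail-open direction for a detector. I would confirm the contract and record it on `SqlLib.detect_sql_injection`, e.g. `// returns 0 = no injection, 1 = injection; any other value is a native-side failure`, and log any result outside 0/1 before returning. The lengths come from a separate `getBytes(StandardCharsets.UTF_8)` call, so they are correct only if JNR's `@Encoding("UTF-8")` marshalling produces the same byte count (worth checking for unpaired surrogates), and a null `query` or `userInput` reaches the native side as a null pointer with length 0, which it has to tolerate. The method's catch block continues past the end of this hunk.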
|