Ignore full ai generated sql queries

timokoessler · timokoessler · commit 35e894156ed7 · 2025-04-24T10:33:16.000+02:00
diff --git a/library/vulnerabilities/sql-injection/checkContextForSqlInjection.ts b/library/vulnerabilities/sql-injection/checkContextForSqlInjection.ts
@@ -28,7 +28,7 @@ export function checkContextForSqlInjection({
     }
 
     for (const str of userInput) {
-      if (detectSQLInjection(sql, str, dialect)) {
+      if (detectSQLInjection(sql, str, dialect, source)) {
         return {
           operation: operation,
           kind: "sql_injection",
diff --git a/library/vulnerabilities/sql-injection/detectSQLInjection.test.ts b/library/vulnerabilities/sql-injection/detectSQLInjection.test.ts
@@ -259,6 +259,59 @@ t.test("It does not match GROUP keyword", async () => {
   isNotSqlInjection(query, "ASC");
 });
 
+t.test(
+  "it ignores full SQL queries from the source aiToolParams",
+  async (t) => {
+    const generic = new SQLDialectGeneric();
+    t.same(
+      detectSQLInjection(
+        "SELECT * FROM 'test';",
+        "SELECT * FROM 'test';",
+        generic,
+        "body"
+      ),
+      true
+    );
+    t.same(
+      detectSQLInjection(
+        "SELECT * FROM 'test';",
+        "'test';",
+        generic,
+        "aiToolParams"
+      ),
+      true
+    );
+    t.same(
+      detectSQLInjection(
+        "SELECT * FROM 'test'; DELETE FROM 'test'; -- ';",
+        "test'; DELETE FROM 'test'; -- ';",
+        generic,
+        "aiToolParams"
+      ),
+      true
+    );
+
+    t.same(
+      detectSQLInjection(
+        "SELECT * FROM 'test';",
+        "SELECT * FROM 'test';",
+        generic,
+        "aiToolParams"
+      ),
+      false
+    );
+    t.same(
+      detectSQLInjection(
+        "DELETE FROM 'test';",
+        "DELETE FROM 'test';",
+        generic,
+        "aiToolParams"
+      ),
+      false
+    );
+  }
+);
+
 const files = [
   // Taken from https://github.com/payloadbox/sql-injection-payload-list/tree/master
   join(__dirname, "payloads", "Auth_Bypass.txt"),
diff --git a/library/vulnerabilities/sql-injection/detectSQLInjection.ts b/library/vulnerabilities/sql-injection/detectSQLInjection.ts
@@ -2,16 +2,29 @@ import { SQLDialect } from "./dialects/SQLDialect";
 import { shouldReturnEarly } from "./shouldReturnEarly";
 // eslint-disable-next-line camelcase
 import { wasm_detect_sql_injection } from "../../internals/zen_internals";
+import type { Source } from "../../agent/Source";
 
 export function detectSQLInjection(
   query: string,
   userInput: string,
-  dialect: SQLDialect
+  dialect: SQLDialect,
+  source: Source | undefined = undefined
 ) {
   if (shouldReturnEarly(query, userInput)) {
     return false;
   }
 
+  // Ignore full SQL queries from the source aiToolParams
+  // This is to prevent false positives when the AI tool is generating SQL queries
+  // It was already checked in shouldReturnEarly that the query includes user input
+  if (
+    source &&
+    source === "aiToolParams" &&
+    query.length === userInput.length
+  ) {
+    return false;
+  }
+
   return wasm_detect_sql_injection(
     query.toLowerCase(),
     userInput.toLowerCase(),

Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ export function checkContextForSqlInjection({`
`28`	`28`	`}`
`29`	`29`
`30`	`30`	`for (const str of userInput) {`
`31`		`- if (detectSQLInjection(sql, str, dialect)) {`
	`31`	`+ if (detectSQLInjection(sql, str, dialect, source)) {`
`32`	`32`	`return {`
`33`	`33`	`operation: operation,`
`34`	`34`	`kind: "sql_injection",`